CVE-2024-51557

This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*

History

08 Nov 2024, 15:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 - () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 - Third Party Advisory
Summary
  • (es) Esta vulnerabilidad existe en Wave 2.0 debido a la falta de limitación de velocidad en las solicitudes OTP en un endpoint de API. Un atacante remoto autenticado podría aprovechar esta vulnerabilidad enviando múltiples solicitudes OTP a través de un endpoint de API vulnerable, lo que podría provocar un bombardeo o inundación de OTP en el sistema objetivo.
First Time 63moons wave 2.0
63moons
63moons aero
CWE CWE-770
CPE cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*
cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*

04 Nov 2024, 13:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 13:17

Updated : 2024-11-08 15:19


NVD link : CVE-2024-51557

Mitre link : CVE-2024-51557

CVE.ORG link : CVE-2024-51557


JSON object : View

Products Affected

63moons

  • aero
  • wave_2.0
CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-799

Improper Control of Interaction Frequency