Overview
- Description
- This vulnerability exists in Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoint, which could lead to OTP bombing/flooding on the targeted system.
- Source
- vdisclose@cert-in.org.in
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 7.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
CVE-2024-51557 Wave 2.0 OTP Flooding Vulnerability via API Rate Limiting Flaw There is a security problem in Wave 2.0 because it does not limit the number of OTP requests. This issue is found in one of its API en... https://t.co/XgMXReVJcV
@VulmonFeeds
4 Nov 2024
CVE-2024-51557 This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnera… https://t.co/zlFK7uGNVG
@CVEnew
4 Nov 2024
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F04B8B0A-9AD2-4CB8-B164-4D024B9E8547",
            "versionEndExcluding": "120820241550"
          },
          {
            "criteria": "cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CB8ACF7-4C40-492A-AA7E-41FDA5A3B913",
            "versionEndExcluding": "1.1.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]