In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to…
mitre·CWE-203·Published 2022-10-06
In certain NeDi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a user enumeration vulnerability. The vulnerability is due to insecure design: a difference in the forgot password utility's behavior could allow an attacker to determine whether a user is valid, enabling a brute force attack with valid users. This affects NeDi 1.0.7 and earlier for OS X, Suse and FreeBSD.
In certain NeDi products, a vulnerability in the web user interface of NeDi login & Community login could allow an unauthenticated remote attacker to affect the integrity of a device by means of a user enumeration vulnerability. The vulnerability is due to an insecure design, where a difference in the forgot password utility could allow an attacker to determine whether the user is valid or not, allowing a brute force attack with valid users. This affects NeDi 1.0.7 for OS X versions up to and including 1.0.7, NeDi for Suse versions up to and including 1.0.7, and NeDi for FreeBSD versions up to and including 1.0.7.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | NVD | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
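The response discrepancy described above (CWE-203), shown as an added Python example that is not NeDi's code: a forgot-password handler whose reply depends on account validity, a uniform-response version, and a regression check that compares the two cases. The handler names, account store, status codes and messages are all assumptions made for illustration.

```python
import secrets

# Constructed sample data: the account store and mail queue are illustrative only.
USERS = {"alice": "alice@example.test"}
OUTBOX = []  # stands in for an asynchronous mail queue

GENERIC = (200, "If the account exists, a reset link has been sent.")


def reset_leaky(username):
    """Discrepant design: status and body reveal whether the account exists."""
    if username not in USERS:
        return (404, "Unknown user.")
    OUTBOX.append((USERS[username], secrets.token_urlsafe(32)))
    return (200, "Reset link sent.")


def reset_uniform(username):
    """Uniform design: identical status and body for every input.

    The token is generated on both paths and the mail is only queued,
    so the visible reply does not depend on account validity.
    """
    token = secrets.token_urlsafe(32)
    email = USERS.get(username)
    if email is not None:
        OUTBOX.append((email, token))
    return GENERIC


def discrepancies(handler, known, unknown):
    """Regression check: name the response fields that differ between
    a known account and an unknown one. An empty list means no leak."""
    a, b = handler(known), handler(unknown)
    fields = ("status", "body")
    return [name for name, x, y in zip(fields, a, b) if x != y]


if __name__ == "__main__":
    for handler in (reset_leaky, reset_uniform):
        print(handler.__name__, discrepancies(handler, "alice", "no-such-user"))
```

The check covers only status and body; response time and headers are further observable channels that a fuller test would compare the same way.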