Search
Find a vulnerability
Search criteria
2 vulnerabilities found for my Excitel App by Excitel Broadband Private
CVE-2025-1629 (GCVE-0-2025-1629)
Vulnerability from nvd – Published: 2025-02-24 05:00 – Updated: 2025-02-24 11:35
VLAI
Title
Excitel Broadband Private my Excitel App One-Time Password excessive authentication
Summary
A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.296610 | vdb-entry |
| https://vuldb.com/?ctiid.296610 | signaturepermissions-required |
| https://vuldb.com/?submit.501868 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Excitel Broadband Private | my Excitel App |
Affected:
3.13.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T11:35:00.669819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T11:35:35.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"One-Time Password Handler"
],
"product": "my Excitel App",
"vendor": "Excitel Broadband Private",
"versions": [
{
"status": "affected",
"version": "3.13.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "alokkumar0200 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Excitel Broadband Private my Excitel App 3.13.0 f\u00fcr Android ausgemacht. Es betrifft eine unbekannte Funktion der Komponente One-Time Password Handler. Mittels Manipulieren mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T05:00:11.687Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296610 | Excitel Broadband Private my Excitel App One-Time Password excessive authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.296610"
},
{
"name": "VDB-296610 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296610"
},
{
"name": "Submit #501868 | Excitel Broadband Private Ltd. myExcitel Android app 3.13.0 Insecure OTP Verification",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.501868"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-23T20:40:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "Excitel Broadband Private my Excitel App One-Time Password excessive authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1629",
"datePublished": "2025-02-24T05:00:11.687Z",
"dateReserved": "2025-02-23T19:23:21.462Z",
"dateUpdated": "2025-02-24T11:35:35.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1629 (GCVE-0-2025-1629)
Vulnerability from cvelistv5 – Published: 2025-02-24 05:00 – Updated: 2025-02-24 11:35
VLAI
Title
Excitel Broadband Private my Excitel App One-Time Password excessive authentication
Summary
A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.296610 | vdb-entry |
| https://vuldb.com/?ctiid.296610 | signaturepermissions-required |
| https://vuldb.com/?submit.501868 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Excitel Broadband Private | my Excitel App |
Affected:
3.13.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T11:35:00.669819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T11:35:35.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"One-Time Password Handler"
],
"product": "my Excitel App",
"vendor": "Excitel Broadband Private",
"versions": [
{
"status": "affected",
"version": "3.13.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "alokkumar0200 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Excitel Broadband Private my Excitel App 3.13.0 f\u00fcr Android ausgemacht. Es betrifft eine unbekannte Funktion der Komponente One-Time Password Handler. Mittels Manipulieren mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-799",
"description": "Improper Control of Interaction Frequency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T05:00:11.687Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296610 | Excitel Broadband Private my Excitel App One-Time Password excessive authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.296610"
},
{
"name": "VDB-296610 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296610"
},
{
"name": "Submit #501868 | Excitel Broadband Private Ltd. myExcitel Android app 3.13.0 Insecure OTP Verification",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.501868"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-23T20:40:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "Excitel Broadband Private my Excitel App One-Time Password excessive authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1629",
"datePublished": "2025-02-24T05:00:11.687Z",
"dateReserved": "2025-02-23T19:23:21.462Z",
"dateUpdated": "2025-02-24T11:35:35.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}