Search
Find a vulnerability
Search criteria
2 vulnerabilities by Doruk Communication and Automation Industry and Trade Inc.
CVE-2025-7630 (GCVE-0-2025-7630)
Vulnerability from nvd – Published: 2026-02-18 12:09 – Updated: 2026-06-05 13:45
VLAI
EPSS
VEX
Title
OTP Password Brute Forcing in DorukNet's Wispotter
Summary
Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.
This issue affects Wispotter: from 1.0 before v2025.10.08.1.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0070 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Doruk Communication and Automation Industry and Trade Inc. | Wispotter |
Affected:
1.0 , < v2025.10.08.1
(custom)
|
Date Public
2026-02-18 12:02
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:21:31.804444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:21:38.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wispotter",
"vendor": "Doruk Communication and Automation Industry and Trade Inc.",
"versions": [
{
"lessThan": "v2025.10.08.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kaan BEKAR"
}
],
"datePublic": "2026-02-18T12:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.\u003cp\u003eThis issue affects Wispotter: from 1.0 before v2025.10.08.1.\u003c/p\u003e"
}
],
"value": "Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.\n\nThis issue affects Wispotter: from 1.0 before v2025.10.08.1."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
},
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T13:45:21.837Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0070"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0070"
}
],
"source": {
"advisory": "TR-26-0070",
"defect": [
"TR-26-0070"
],
"discovery": "UNKNOWN"
},
"title": "OTP Password Brute Forcing in DorukNet\u0027s Wispotter",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-7630",
"datePublished": "2026-02-18T12:09:07.301Z",
"dateReserved": "2025-07-14T08:50:45.676Z",
"dateUpdated": "2026-06-05T13:45:21.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7630 (GCVE-0-2025-7630)
Vulnerability from cvelistv5 – Published: 2026-02-18 12:09 – Updated: 2026-06-05 13:45
VLAI
EPSS
VEX
Title
OTP Password Brute Forcing in DorukNet's Wispotter
Summary
Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.
This issue affects Wispotter: from 1.0 before v2025.10.08.1.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0070 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Doruk Communication and Automation Industry and Trade Inc. | Wispotter |
Affected:
1.0 , < v2025.10.08.1
(custom)
|
Date Public
2026-02-18 12:02
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:21:31.804444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:21:38.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wispotter",
"vendor": "Doruk Communication and Automation Industry and Trade Inc.",
"versions": [
{
"lessThan": "v2025.10.08.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kaan BEKAR"
}
],
"datePublic": "2026-02-18T12:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.\u003cp\u003eThis issue affects Wispotter: from 1.0 before v2025.10.08.1.\u003c/p\u003e"
}
],
"value": "Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.\n\nThis issue affects Wispotter: from 1.0 before v2025.10.08.1."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
},
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T13:45:21.837Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0070"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0070"
}
],
"source": {
"advisory": "TR-26-0070",
"defect": [
"TR-26-0070"
],
"discovery": "UNKNOWN"
},
"title": "OTP Password Brute Forcing in DorukNet\u0027s Wispotter",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-7630",
"datePublished": "2026-02-18T12:09:07.301Z",
"dateReserved": "2025-07-14T08:50:45.676Z",
"dateUpdated": "2026-06-05T13:45:21.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}