CVE-2026-7671
Received Received - Intake
Authentication Bypass in CodeWise Tornet Scooter App

Publication date: 2026-05-03

Last updated on: 2026-05-03

Assigner: VulDB

Description
A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is regarded as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-03
Last Modified
2026-05-03
Generated
2026-06-16
AI Q&A
2026-05-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7671
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
codewise tornet_scooter_mobile_app 4.75
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
CWE-799 The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can impact users by allowing attackers to perform excessive authentication attempts remotely without proper restriction. This could potentially lead to unauthorized access if the attacker is able to guess or brute-force authentication credentials.

However, the exploitability is considered difficult, which may reduce the likelihood of successful attacks. Still, the public disclosure of the exploit increases the risk that attackers may attempt to exploit this vulnerability.

Executive Summary

This vulnerability exists in the CodeWise Tornet Scooter Mobile App version 4.75 on iOS and Android platforms. It involves an unknown function within the file /TwoFactor that improperly restricts excessive authentication attempts. This means that the app does not adequately limit the number of times an attacker can try to authenticate, potentially allowing repeated attempts.

The attack exploiting this vulnerability can be performed remotely, but it is considered highly complex and difficult to exploit. Despite this, the exploit has been publicly disclosed and may be used by attackers.

The vendor was informed early about this issue but did not respond.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7671. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart