CVE-2026-7671
Authentication Bypass in CodeWise Tornet Scooter App
Publication date: 2026-05-03
Last updated on: 2026-05-03
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| codewise | tornet_scooter_mobile_app | 4.75 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can impact users by allowing attackers to perform excessive authentication attempts remotely without proper restriction. This could potentially lead to unauthorized access if the attacker is able to guess or brute-force authentication credentials.
However, the exploitability is considered difficult, which may reduce the likelihood of successful attacks. Still, the public disclosure of the exploit increases the risk that attackers may attempt to exploit this vulnerability.
Can you explain this vulnerability to me?
This vulnerability exists in the CodeWise Tornet Scooter Mobile App version 4.75 on iOS and Android platforms. It involves an unknown function within the file /TwoFactor that improperly restricts excessive authentication attempts. This means that the app does not adequately limit the number of times an attacker can try to authenticate, potentially allowing repeated attempts.
The attack exploiting this vulnerability can be performed remotely, but it is considered highly complex and difficult to exploit. Despite this, the exploit has been publicly disclosed and may be used by attackers.
The vendor was informed early about this issue but did not respond.
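The control that CWE-307 describes as missing, shown as an added example (not code from the vendor or from this advisory): a server-side second-factor check that counts failures per account, invalidates the code and locks the account once a limit is reached. The advisory gives no implementation details for /TwoFactor, so the class and method names, the thresholds and the in-memory storage are all assumptions.

```python
import hmac
import time
from dataclasses import dataclass

# Assumed policy values; the advisory does not specify any.
MAX_FAILURES = 5        # wrong codes tolerated per issued challenge
LOCKOUT_SECONDS = 900   # how long the account stays locked afterwards
CODE_TTL_SECONDS = 300  # lifetime of an issued code


@dataclass
class Challenge:
    code: str
    issued_at: float
    failures: int = 0


class TwoFactorVerifier:
    """Hypothetical server-side second-factor check with attempt limiting."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._challenges = {}    # account id -> Challenge
        self._locked_until = {}  # account id -> time the lockout ends

    def issue(self, account, code):
        self._challenges[account] = Challenge(code, self._clock())

    def verify(self, account, submitted):
        now = self._clock()
        # The limit is keyed on the account, not the client IP or session,
        # so changing either does not reset the counter.
        if self._locked_until.get(account, 0.0) > now:
            return "locked"
        ch = self._challenges.get(account)
        if ch is None or now - ch.issued_at > CODE_TTL_SECONDS:
            self._challenges.pop(account, None)
            return "no_challenge"
        if hmac.compare_digest(ch.code.encode(), submitted.encode()):
            del self._challenges[account]  # codes are single use
            return "ok"
        ch.failures += 1
        if ch.failures >= MAX_FAILURES:
            # Burn the code and lock the account, so further guesses cannot
            # be spent against this code or a freshly issued one.
            del self._challenges[account]
            self._locked_until[account] = now + LOCKOUT_SECONDS
            return "locked"
        return "rejected"
```

A production deployment would keep the counters in shared storage so that every application instance enforces the same limit.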