CVE-2025-7630 PUBLISHED

OTP Password Brute Forcing in DorukNet's Wispotter

Assigner: TR-CERT
Reserved: 14.07.2025 Published: 18.02.2026 Updated: 18.02.2026

Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force.This issue affects Wispotter: from 1.0 before v2025.10.08.1.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Doruk Communication and Automation Industry and Trade Inc.
Product	Wispotter
Versions	Default: unaffected affected from 1.0 to v2025.10.08.1 (excl.)

Credits

Kaan BEKAR finder

References

https://www.usom.gov.tr/bildirim/tr-26-0070

Problem Types

CWE-307 Improper Restriction of Excessive Authentication Attempts CWE
CWE-287 Improper Authentication CWE

Impacts

CAPEC-49 Password Brute Forcing
CAPEC-112 Brute Force