CVE-2018-16550

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1540%

EPSS Percentile39.43th

PublishedSep 5, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

TeamViewer 10.x through 13.x allows remote attackers to bypass the brute-force authentication protection mechanism by skipping the "Cancel" step, which makes it easier to determine the correct value of the default 4-digit PIN.

Affected Platforms (CPE)

📦

Teamviewer

>= 10.0.2551 and <= 13.2.9356

References & Advisories

🔗 https://twitter.com/vah_13/status/1036894081350291457

Related Vulnerabilities

CVE-2010-31289.3

Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execu...

CVE-2019-182518.8

In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version o...

CVE-2020-136998.8

TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch Tea...

CVE-2021-348598.8

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User inter...