Vulnerability CVE-2023-24080


Published: 2023-02-21   Modified: 2023-02-22

Description:
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a brute-force attack.

References:
https://brackishllc-my.sharepoint.com/:u:/g/personal/matt_brackish_io/EVIBVQz86jBLsLmGbaj64ecBNv-XY51u8-Boeoj4DMGRhw?e=XRcx72
https://partner-identity.myq-cloud.com/api/Account/EmailValidation
https://brackish.io/chamberlain-myq-account-takeover/
http://chamberlain.com

Copyright 2026, cxsecurity.com

 
