An attacker can cause disruption of service by sending specially crafted HTTP requests to the sophos captive portal, which can lead to the targeted devices being disconnected from the internet and forced to re-login. This attack can be carried out by an attacker who is within range of the sophos captive portal.
Dos
- FortiRecorder is susceptible to an uncontrolled resource consumption vulnerability [CWE-400], which can be exploited by an unauthenticated attacker through crafted GET/POST requests to make the device unavailable.
