Client-side password strength policy verification. CVSS3.1? OWASP WSTG?

Using the OWASP testing guide, if password strength policy verification is implemented only client-side, can that be considered a vulnerability? In which category?

Also which CVSS it should have?

DreamProxies - Cheapest USA Elite Private Proxies 100 Private Proxies 200 Private Proxies 400 Private Proxies 1000 Private Proxies 2000 Private Proxies ExtraProxies.com - Buy Cheap Private Proxies Buy 50 Private Proxies Buy 100 Private Proxies Buy 200 Private Proxies Buy 500 Private Proxies Buy 1000 Private Proxies Buy 2000 Private Proxies ProxiesLive Proxies-free.com New Proxy Lists Every Day Proxies123