9.8

CVE-2021-28909

EPSS 1.76%
Veröffentlicht 09.09.2021 18:15:08
Zuletzt bearbeitet 21.11.2024 06:00:23
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an attack chain to gain SSH root access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bab-technologie ≫ Eibport Firmware Version < 3.9.1

Bab-technologie ≫ Eibport Versionv3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.76%	0.818

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://psytester.github.io/CVE-2021-28909

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-28909

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28909

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28909

EUVD