CVE-2021-28909

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an attack chain to gain SSH root access.
References
Link Resource
https://psytester.github.io/CVE-2021-28909 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bab-technologie:eibport_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bab-technologie:eibport:v3:*:*:*:*:*:*:*

Information

Published : 2021-09-09 11:15

Updated : 2021-09-21 06:39


NVD link : CVE-2021-28909

Mitre link : CVE-2021-28909


JSON object : View

CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts

Advertisement

dedicated server usa

Products Affected

bab-technologie

  • eibport_firmware
  • eibport