CVE-2019-17215
CRITICALV-Zug Combi-Steam MSLQ Firmware < ethernet_r07 - Unauthenticated Brute Force Attack via Missing Lockout Mechanism
Title source: llmDescription
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
References (1)
Core 1
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://vuldb.com/?id.140463
Scores
CVSS v3
9.8
EPSS
0.0118
EPSS Percentile
63.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-307
Status
published
Products (1)
vzug/combi-stream_mslq_firmware
< ethernet_r07
Published
Oct 06, 2019
Tracked Since
Feb 18, 2026