CVE-2021-28909
CRITICAL
BAB TECHNOLOGIE eibPort V3 < 3.9.1 - Unauthenticated Brute Force Attack via Login Service
Title source: llm
Description
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule, which permits a brute force attack. The password could be weak, and the default username is known to be 'admin'. This is usable as part of an attack chain to gain SSH root access.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://psytester.github.io/CVE-2021-28909
Scores
CVSS v3
9.8
EPSS
0.0135
EPSS Percentile
67.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-307
Status
published
Products (1)
bab-technologie/eibport_firmware
< 3.9.1
Published
Sep 09, 2021
Tracked Since
Feb 18, 2026