CVE-2021-28913
CRITICAL
BAB TECHNOLOGIE eibPort V3 < 3.9.1 - Unauthenticated SSH Root Access via Hardcoded Passphrase Exposure
Title source: llmDescription
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers to access /webif/SecurityModule to validate the so-called, hard-coded unique 'eibPort String', which acts as the root SSH key passphrase. This is usable as part of an attack chain to gain SSH root access.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://psytester.github.io/CVE-2021-28913
Scores
CVSS v3
9.8
EPSS
0.0179
EPSS Percentile
75.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
bab-technologie/eibport_firmware
< 3.9.1
Published
Sep 09, 2021
Tracked Since
Feb 18, 2026