CVE-2019-17215

Published: Oct 6, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.

Affected (2)

Products: Vzug: Combi Stream Mslq Firmware

Vzug

1 product

Combi Stream Mslq Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vzug Combi Stream Mslq Firmware	Before ethernet_r07

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vzug Combi Stream Mslq Firmware	Before wlan_r05

Running on/with	Platform Versions
Vzug Combi Stream Mslq	All versions

Related CWEs

CWE-307

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://vuldb.com/?id.140463

Source: cve@mitre.org

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.140463

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.