CVE-2021-25309

Published: Mar 2, 2021Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks.

Affected (1)

Products: Gigaset: Dx600a Firmware

1 product

Dx600a Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gigaset Dx600a Firmware	Version v41.00-175

Running on/with	Platform Versions
Gigaset Dx600a	All versions

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References (2)

https://research.nccgroup.com/2021/02/28/technical-advisory-administrative-passcode-recovery-and-authenticated-remote-buffer-overflow-vulnerabilities-in-gigaset-dx600a-handset-cve-2021-25309-cve-2021-25306/

Source: cve@mitre.org

Third Party Advisory

https://research.nccgroup.com/2021/02/28/technical-advisory-administrative-passcode-recovery-and-authenticated-remote-buffer-overflow-vulnerabilities-in-gigaset-dx600a-handset-cve-2021-25309-cve-2021-25306/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.