CVE-2023-6928

Published: Dec 19, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.

Affected (2)

Products: Eurotel: Etl3100 Firmware

Eurotel

1 product

Etl3100 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Eurotel Etl3100 Firmware	Version 01c01
Eurotel Etl3100 Firmware	Version 01x37

Running on/with	Platform Versions
Eurotel Etl3100	All versions

Related CWEs

CWE-307

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.