Vulnerability Details CVE-2021-28909
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an attack chain to gain SSH root access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
Products affected by CVE-2021-28909
-
cpe:2.3:h:bab-technologie:eibport:v3
-
cpe:2.3:o:bab-technologie:eibport_firmware:3.8.2
-
cpe:2.3:o:bab-technologie:eibport_firmware:3.8.3