Vulnerabilities > CVE-2001-1291 - Improper Restriction of Excessive Authentication Attempts vulnerability in 3Com Superstack II PS HUB 40 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

3com

CWE-307

critical

exploit available

NVD

Published: 2001-07-12

Updated: 2024-02-09

Summary

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.

Vulnerable Configurations

Part	Description	Count
OS	3Com 3Com Superstack II PS HUB 40 Firmware -	1
Hardware	3Com 3Com Superstack II PS HUB 40 -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit-Db

description	3Com SuperStack II PS Hub 40 TelnetD Weak Password Protection Vulnerability. CVE-2001-1291 . Remote exploit for hardware platform
id	EDB-ID:21011
last seen	2016-02-02
modified	2001-07-12
published	2001-07-12
reporter	Siberian
source	https://www.exploit-db.com/download/21011/
title	3Com SuperStack II PS Hub 40 TelnetD Weak Password Protection Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References