Vulnerabilities > CVE-2021-27514 - Improper Restriction of Excessive Authentication Attempts vulnerability in Eyesofnetwork 5.310

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

eyesofnetwork

CWE-307

critical

NVD

Published: 2021-02-22

Updated: 2021-02-26

Summary

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).

Vulnerable Configurations

Part	Description	Count
Application	Eyesofnetwork Eyesofnetwork Eyesofnetwork 5.3-10	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://github.com/EyesOfNetworkCommunity/eonweb/issues/87
https://github.com/ArianeBlow/exploit-eyesofnetwork5.3.10/blob/main/PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py