3.8.3

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

bab-technologie

CWE-863

critical

NVD

Published: 2021-09-09

Updated: 2021-09-20

Summary

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface. This is usable and part of an attack chain to gain SSH root access.

Vulnerable Configurations

Part	Description	Count
OS	Bab-Technologie BAB Technologie Eibport Firmware 3.8.2 BAB Technologie Eibport Firmware 3.8.3	2
Hardware	Bab-Technologie BAB Technologie Eibport V3	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://psytester.github.io/CVE-2021-28911