Vulnerabilities > BAB Technologie

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2021-28914 Weak Password Requirements vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows the user to set a weak password because the strength is shown in the configuration tool but ultimately not enforced.
4.3
2021-09-09 CVE-2021-28909 Improper Restriction of Excessive Authentication Attempts vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers uncontrolled access to the login service at /webif/SecurityModule in a brute force attack.
network
low complexity
bab-technologie CWE-307
5.0
2021-09-09 CVE-2021-28910 Server-Side Request Forgery (SSRF) vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability.
network
low complexity
bab-technologie CWE-918
5.0
2021-09-09 CVE-2021-28911 Incorrect Authorization vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to the /tmp path, which contains some sensitive data (e.g.
network
low complexity
bab-technologie CWE-863
critical
10.0
2021-09-09 CVE-2021-28912 Weak Password Requirements vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3.
network
low complexity
bab-technologie CWE-521
critical
9.0
2021-09-09 CVE-2021-28913 Missing Authentication for Critical Function vulnerability in Bab-Technologie Eibport Firmware 3.8.2/3.8.3
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to /webif/SecurityModule to validate the so-called, hard-coded unique 'eibPort String', which acts as the root SSH key passphrase.
network
low complexity
bab-technologie CWE-306
critical
10.0
2020-11-12 CVE-2020-24573 Resource Exhaustion vulnerability in Bab-Technologie Eibport Firmware 3.8.2
BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component.
network
low complexity
bab-technologie CWE-400
5.0