Back to search
CVE-2021-28911
Published: Sep 9, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers access to /tmp path which contains some sensitive data (e.g. device serial number). Having those info, a possible loginId can be self-calculated in a brute force attack against BMX interface. This is usable and part of an attack chain to gain SSH root access.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://psytester.github.io/CVE-2021-28911
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now