CVE-2021-25309

CRITICAL Year: 2021
CVSS v3 Score
9.8
Critical
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-307
View all →

Vulnerability Description

The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks.

Related Vulnerabilities

CVE-1999-1324

CRITICAL
CVSS:9.8(Critical)

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which ma...

CWE-3071999

CVE-2001-0395

CRITICAL
CVSS:9.8(Critical)

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.

CWE-3072001

CVE-2001-1291

CRITICAL
CVSS:9.8(Critical)

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the serv...

CWE-3072001

CVE-2001-1339

CRITICAL
CVSS:9.8(Critical)

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password gue...

CWE-3072001

CVE-2013-4441

CRITICAL
CVSS:9.8(Critical)

The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CWE-3072013

CVE-2016-9124

CRITICAL
CVSS:9.8(Critical)

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown f...

CWE-3072016