CRITICAL🇵🇱 Wersja polska

CVE-2023-6928

CVSS 9.8v3.1pub. 2023-12-19upd. 2024-11-21

EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.

🤖 AI Analysis
How it works

The system does not implement a mechanism for account lockout or limiting the number of failed login attempts (CWE-307 — Improper Restriction of Excessive Authentication Attempts). An attacker can remotely, without any privileges and without user interaction, perform unlimited consecutive attempts to guess administrator account passwords. After guessing the correct credentials, they gain full access to the device.

Impact

An attacker can gain full administrative control over the EuroTel ETL3100 device, which in an industrial environment (ICS) may lead to infrastructure disruption, configuration modification, or complete system takeover.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. Additionally, until updates are applied, it is recommended to restrict network access to the device through a firewall or VPN, and to monitor failed login attempts.

Who is affected

EuroTel ETL3100 Firmware versions v01c01 and v01x37

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Eurotel Etl3100

    HW
    Eurotel
    wszystkie wersje
  • Eurotel Etl3100 Firmware

    OS
    Eurotel
    01c0101x37
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-6930CRITICAL9.4PL ✓ten sam produkt

EuroTel ETL3100 — nieautoryzowane pobranie konfiguracji i logów

CVE-2023-6929HIGH7.5ten sam produkt

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur...