EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system.
The system does not implement a mechanism for account lockout or limiting the number of failed login attempts (CWE-307 — Improper Restriction of Excessive Authentication Attempts). An attacker can remotely, without any privileges and without user interaction, perform unlimited consecutive attempts to guess administrator account passwords. After guessing the correct credentials, they gain full access to the device.
An attacker can gain full administrative control over the EuroTel ETL3100 device, which in an industrial environment (ICS) may lead to infrastructure disruption, configuration modification, or complete system takeover.
Patches available from the manufacturer should be applied according to references. Additionally, until updates are applied, it is recommended to restrict network access to the device through a firewall or VPN, and to monitor failed login attempts.
EuroTel ETL3100 Firmware versions v01c01 and v01x37
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEurotel Etl3100
HWEurotelwszystkie wersjeEurotel Etl3100 Firmware
OSEurotel01c0101x37