Improper Restriction of Excessive Authentication Attempts

CVE-2020-7508

High

9.8/10

Summary

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-307 - Improper Restriction of Excessive Authentication Attempts

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

References

Advisory Timeline

Published Jun 16, 2020

Improper Restriction of Excessive Authentication Attempts

CVE-2020-7508

Summary

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS