CVE-2021-25309

Name of the Vulnerable Software and Affected Versions: Gigaset DX600A version 41.00-175

Description: The issue concerns the telnet administrator service on Gigaset DX600A devices, which lacks lockout or throttling functionality. This, combined with a weak password policy that only allows 4-digit passwords, makes it possible for remote attackers to gain administrative access through brute-force attacks.

Recommendations: For version 41.00-175, consider disabling the telnet administrator service on port 650 until a more secure authentication mechanism is implemented, and enforce a stronger password policy to prevent brute-force attacks.