CVE-2021-28909

Name of the Vulnerable Software and Affected Versions: BAB TECHNOLOGIE GmbH eibPort V3 versions prior to 3.9.1

Description: The issue allows unauthenticated attackers to access the login service at "/webif/SecurityModule" in a brute force attack. The password could be weak and the default username is known as admin. This can be part of an attack chain to gain SSH root access.

Recommendations: For versions prior to 3.9.1, update to version 3.9.1 or later to resolve the issue. As a temporary workaround, consider changing the default username and password, and restricting access to the "/webif/SecurityModule" endpoint to minimize the risk of exploitation.