Overview
- Description
- An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-307
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vzug:combi-stream_mslq_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D622A17-7569-4A0A-A500-E07DF939ACEB",
"versionEndExcluding": "ethernet_r07"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vzug:combi-stream_mslq:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "71471F55-CB54-4F42-8A94-92D0CE479028"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vzug:combi-stream_mslq_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68A4AABA-B6A5-4E1E-A848-F5AB12E7EAFF",
"versionEndExcluding": "wlan_r05"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vzug:combi-stream_mslq:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "71471F55-CB54-4F42-8A94-92D0CE479028"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]