Login Sign Up

CVE-2023-6928

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to perform unlimited password guessing attacks against EuroTel ETL3100 devices, potentially gaining administrative access. Affected systems include EuroTel ETL3100 versions v01c01 and v01x37, which are industrial control system devices used in critical infrastructure.

💻 Affected Systems

Products:
  • EuroTel ETL3100
Versions: v01c01 and v01x37
Operating Systems: Embedded/Proprietary
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable by default.

📦 What is this software?

Etl3100 Firmware by Eurotel

View all CVEs affecting Etl3100 Firmware →

Etl3100 Firmware by Eurotel

View all CVEs affecting Etl3100 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to manipulate industrial processes, disrupt operations, or exfiltrate sensitive data from critical infrastructure systems.

🟠

Likely Case

Unauthorized administrative access leading to configuration changes, data theft, or disruption of industrial operations.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external attackers from reaching vulnerable interfaces.

🌐 Internet-Facing: HIGH - Devices exposed to internet are directly vulnerable to brute force attacks from anywhere.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires only network access to administrative interface and basic brute force tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05

Restart Required: No

Instructions:

No official patch available. Follow CISA advisory recommendations for mitigation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate ETL3100 devices from untrusted networks and internet

Access Control Lists

all

Implement firewall rules to restrict access to administrative interfaces

🧯 If You Can't Patch

  • Implement strong password policies and change default credentials
  • Monitor authentication logs for brute force attempts and implement account lockout policies

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or console. If version is v01c01 or v01x37, device is vulnerable.

Check Version:

Check via device web interface or consult device documentation for version check command

Verify Fix Applied:

No patch available. Verify workarounds are implemented by testing network isolation and access controls.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts from single IP
  • Successful logins from unusual locations or times

Network Indicators:

  • High volume of HTTP/HTTPS requests to administrative port
  • Traffic patterns consistent with brute force tools

SIEM Query:

source_ip=* AND (event_type="authentication_failure" OR event_type="login_failed") AND count > 10 within 5 minutes

📊 Metadata

CVE ID: CVE-2023-6928
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-307
Published: December 19, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6928, you might also want to check these:

CVE-2023-1665 9.8

This vulnerability allows attackers to perform unlimited authentication attempts against Twake insta...

Same vulnerability type (CWE-307)
CVE-2020-28212 9.8

This vulnerability allows attackers to perform brute force attacks against the PLC Simulator in EcoS...

Same vulnerability type (CWE-307)
CVE-2024-9342 9.8

CVE-2024-9342 allows attackers to perform unlimited brute-force login attempts against Eclipse Glass...

Same vulnerability type (CWE-307)