#VU113777 Improper Restriction of Excessive Authentication Attempts in EG4 Electronics products - CVE-2025-46414
Published: August 8, 2025
Vulnerability identifier: #VU113777
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-46414
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
EG4 12kPV
EG4 18kPV
EG4 Flex 21
EG4 Flex 18
EG4 6000XP
EG4 12000XP
EG4 GridBoss
EG4 12kPV
EG4 18kPV
EG4 Flex 21
EG4 Flex 18
EG4 6000XP
EG4 12000XP
EG4 GridBoss
Software vendor:
EG4 Electronics
EG4 Electronics
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected product does not limit the number of attempts for inputting the correct PIN for a registered product. A remote attacker can conduct brute force attacks to gain access to the target device.
Remediation
Install updates from vendor's website.