Description
An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.
Published: 2026-01-07
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

An internal attacker can cause a denial of service by opening two simultaneous Telnet sessions on the device. The flaw leads to a resource exhaustion condition that renders the service unresponsive; it is identified as CWE‑400.

Affected Systems

The affected products are EFACEC QC 60, QC 90 and QC 120. No specific firmware or software version information is provided.

Risk and Exploitability

The vulnerability has a high CVSS score of 9.2, indicating severe impact. The EPSS score is below 1 percent, suggesting low likelihood of exploitation in the wild, and the issue is not listed in the CISA KEV catalog. Exploitation requires access to the device’s internal network and the ability to open multiple Telnet connections, so an attacker must be locally connected or within a trusted segment.

Generated by OpenCVE AI on April 18, 2026 at 08:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or restrict the Telnet service to only trusted internal hosts or move the service to a protected subnet.
  • Apply any vendor firmware or software update that addresses this denial‑of‑service flaw as soon as it is released.
  • Replace Telnet with a secure alternative such as SSH, which encrypts traffic and offers better authentication.
  • Monitor system logs for abnormal Telnet activity and configure alerts for multiple concurrent connections to detect potential abuse.

Generated by OpenCVE AI on April 18, 2026 at 08:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://cds.thalesgroup.com/en cve-icon cve-icon
History

Thu, 08 Jan 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Efacec
Efacec qc 120
Efacec qc 60
Efacec qc 90
Vendors & Products Efacec
Efacec qc 120
Efacec qc 60
Efacec qc 90

Wed, 07 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 07 Jan 2026 15:45:00 +0000

Type Values Removed Values Added
Description An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.
Title DENIAL OF SERVICE FOR CONCURRENT CONNECTIONS ON TELNET
Weaknesses CWE-400
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H'}

Subscriptions

Efacec Qc 120 Qc 60 Qc 90
cve-icon MITRE

Status: PUBLISHED

Assigner: S21sec

Published:

Updated: 2026-01-07T15:38:39.248Z

Reserved: 2026-01-07T14:01:04.829Z

Link: CVE-2026-22542

cve-icon Vulnrichment

Updated: 2026-01-07T15:38:29.180Z

cve-icon NVD

Status : Deferred

Published: 2026-01-07T16:15:51.740

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-22542

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T08:15:15Z

Weaknesses