Web Interface Vulnerability in Moxa EDS-405A and EDS-408A Switches
CVE-2015-6464

Currently unrated

Key Information:

Vendor: Moxa
Status: Eds-405a Firmware; Eds-408a Firmware
Vendor: CVE Published:; 11 September 2015

What is CVE-2015-6464?

The administrative web interface of Moxa EDS-405A and EDS-408A switches is susceptible to a vulnerability that allows remote authenticated users to circumvent a read-only protection mechanism. This exploit can be executed using the Firefox browser paired with a web-developer plugin, enabling unauthorized access to sensitive configuration settings. This issue affects switches running firmware prior to version 3.6, highlighting the importance of keeping firmware updated to enhance security and protect against potential exploits.

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-246-03

x_refsource_MISC

http://www.moxa.com/support/download.aspx?type=support&id...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 11, 2015
Vulnerability Reserved
Aug 17, 2015