Weak Encryption Vulnerability in Moxa MGate Series from Moxa
CVE-2016-5804

9.8CRITICAL

Key Information:

Vendor: Moxa
Status: Mgate Mb3180 Firmware
Vendor: CVE Published:; 15 July 2016

Summary

Moxa's MGate series devices are susceptible to a vulnerability that stems from their use of weak encryption methods, enabling remote attackers to circumvent authentication controls. This issue is significant as it could allow an attacker to gain unauthorized access to the device by executing a brute-force attack to guess parameter values. Affected models need urgent updates to strengthen their security protocols and mitigate potential exploitation.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02

x_refsource_MISC

http://www.securityfocus.com/bid/91777

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2016
Vulnerability Reserved
Jun 23, 2016