CVE-2016-5804

9.8CRITICAL

Key Information:

Vendor: Moxa
Status: Mgate Mb3180 Firmware
Vendor: CVE Published:; 15 July 2016

Summary

Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02

x_refsource_MISC

http://www.securityfocus.com/bid/91777

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2016
Vulnerability Reserved
Jun 23, 2016