Extraction of Private Keys from MOXA EDS-G512E Devices
CVE-2017-13698

7.5HIGH

Key Information:

Vendor: Moxa
Status: Eds-g512e Firmware
Vendor: CVE Published:; 23 November 2017

Summary

A vulnerability has been identified in MOXA EDS-G512E devices where an attacker can extract both public and private keys from the firmware image available on the manufacturer's website. This weakness poses a significant risk since the compromised keys can be utilized against production switches that utilize the default key settings, potentially leading to unauthorized access and control. It is crucial for users to take immediate measures to secure their devices and update firmware to mitigate exposure.

References

https://www.sentryo.net/wp-content/uploads/2017/11/Switch...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2017
Vulnerability Reserved
Aug 25, 2017