CVE-2017-13699

7.5HIGH

Key Information:

Vendor: Moxa
Status: Eds-g512e Firmware
Vendor: CVE Published:; 23 November 2017

Summary

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.

References

https://www.sentryo.net/wp-content/uploads/2017/11/Switch...

x_refsource_MISC

http://www.securityfocus.com/bid/106047

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2017
Vulnerability Reserved
Aug 25, 2017