Password Vulnerability in MOXA EDS-G512E Devices
CVE-2017-13699

7.5HIGH

Key Information:

Vendor: Moxa
Status: Eds-g512e Firmware
Vendor: CVE Published:; 23 November 2017

Summary

A vulnerability in MOXA EDS-G512E 5.1 build 16072215 allows attackers to exploit an insecure password encryption method. The encryption algorithm leverages a chall value transmitted in cleartext via a POST parameter. By reversing this algorithm, attackers may recover sensitive passwords stored within the firmware, potentially compromising the security of the devices.

References

https://www.sentryo.net/wp-content/uploads/2017/11/Switch...

x_refsource_MISC

http://www.securityfocus.com/bid/106047

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2017
Vulnerability Reserved
Aug 25, 2017