CVE-2017-13701

9.8CRITICAL

Key Information:

Vendor: Moxa
Status: Eds-g512e Firmware
Vendor: CVE Published:; 23 November 2017

Summary

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.

References

https://www.sentryo.net/wp-content/uploads/2017/11/Switch...

x_refsource_MISC

http://www.securityfocus.com/bid/101966

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2017
Vulnerability Reserved
Aug 25, 2017