Weak Encryption Vulnerability in Moxa MGate Devices
CVE-2019-9095

6.2MEDIUM

Key Information:

Vendor

Moxa
Status
Mb3170 Firmware
Vendor
CVE Published:
11 March 2020

What is CVE-2019-9095?

A vulnerability in Moxa MGate devices has been identified where an attacker can potentially intercept weakly encrypted passwords. This issue affects multiple models including MB3170, MB3270, MB3280, MB3480, MB3660, and MB3180, allowing unauthorized users to gain administrative access to the affected products. It is crucial for users to upgrade to the latest firmware versions to mitigate this risk and enhance the security of their devices.

References

https://www.us-cert.gov/ics/advisories/icsa-20-056-01
x_refsource_MISC
https://www.moxa.com/en/support/support/security-advisory...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.