Weak Encryption Vulnerability in Moxa MGate Devices
CVE-2019-9095

6.2MEDIUM

Key Information:

Vendor: Moxa
Status: Mb3170 Firmware
Vendor: CVE Published:; 11 March 2020

Summary

A vulnerability in Moxa MGate devices has been identified where an attacker can potentially intercept weakly encrypted passwords. This issue affects multiple models including MB3170, MB3270, MB3280, MB3480, MB3660, and MB3180, allowing unauthorized users to gain administrative access to the affected products. It is crucial for users to upgrade to the latest firmware versions to mitigate this risk and enhance the security of their devices.

References

https://www.us-cert.gov/ics/advisories/icsa-20-056-01

x_refsource_MISC

https://www.moxa.com/en/support/support/security-advisory...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2020
Vulnerability Reserved
Feb 24, 2019