Information Disclosure in Moxa MGate MB3170, MB3270, MB3280, MB3480, MB3660 and MB3180 Devices
CVE-2019-9101

8.8HIGH

Key Information:

Vendor: Moxa
Status: Mb3170 Firmware
Vendor: CVE Published:; 11 March 2020

Summary

A security concern has been identified in Moxa MGate MB3170, MB3270, MB3280, MB3480, MB3660, and MB3180 devices where sensitive information, including user credentials, is transmitted to the web server in an unencrypted format. This flaw could potentially allow malicious actors to intercept and exploit this data by monitoring network traffic between the client and server, compromising the security of the devices.

References

https://www.us-cert.gov/ics/advisories/icsa-20-056-01

x_refsource_MISC

https://www.moxa.com/en/support/support/security-advisory...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2020
Vulnerability Reserved
Feb 24, 2019