Cross-Site Request Forgery Vulnerability in Moxa MGate Devices
CVE-2019-9102

6.5MEDIUM

Key Information:

Vendor: Moxa
Status: Mb3170 Firmware
Vendor: CVE Published:; 11 March 2020

Summary

A vulnerability in Moxa MGate devices allows remote attackers to exploit a predictable mechanism for generating tokens. This issue can lead to the bypassing of the Cross-Site Request Forgery (CSRF) protection mechanisms, potentially allowing unauthorized actions on behalf of users without their consent. Targeted devices include various models within the MB series, which require prompt attention to patch and secure against such exploitations.

References

https://www.us-cert.gov/ics/advisories/icsa-20-056-01

x_refsource_MISC

https://www.moxa.com/en/support/support/security-advisory...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2020
Vulnerability Reserved
Feb 24, 2019