CVE-2019-9102

6.5MEDIUM

Key Information:

Vendor: Moxa
Status: Mb3170 Firmware
Vendor: CVE Published:; 11 March 2020

Summary

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.

References

https://www.us-cert.gov/ics/advisories/icsa-20-056-01

x_refsource_MISC

https://www.moxa.com/en/support/support/security-advisory...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2020
Vulnerability Reserved
Feb 24, 2019