Cleartext Password Exposure in Moxa MGate Products
CVE-2019-9104

9.8CRITICAL

Key Information:

Vendor: Moxa
Status: Mb3170 Firmware
Vendor: CVE Published:; 11 March 2020

What is CVE-2019-9104?

A security issue exists in Moxa MGate devices where configuration files contain sensitive parameters, including passwords, exposed in cleartext. This lack of encryption can lead to unauthorized access and exploitation by attackers who can easily read the passwords from the configuration files. Users are strongly advised to upgrade to the latest firmware versions to mitigate this risk.

References

https://www.us-cert.gov/ics/advisories/icsa-20-056-01

x_refsource_MISC

https://www.moxa.com/en/support/support/security-advisory...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2020
Vulnerability Reserved
Feb 24, 2019