Telnet Vulnerability in Moxa NPort IA5000A Series Devices
CVE-2020-27184

5.9MEDIUM

Key Information:

Vendor: Moxa
Status: Nport Ia5000a Series With Telnet Enabled
Vendor: CVE Published:; 14 May 2021

Summary

The NPort IA5000A Series devices expose users to security risks due to the use of Telnet as a network device management service. Telnet communications are not encrypted, enabling potential Man-in-the-Middle attacks that could lead to unauthorized access or control over the devices involved. This makes it crucial for users to implement additional security measures or consider using alternative protocols that offer encrypted communication.

Affected Version(s)

NPort IA5000A Series with Telnet enabled All versions

References

https://www.moxa.com/en/support/product-support/security-...

x_refsource_MISC

https://ics-cert.kaspersky.com/advisories/klcert-advisori...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2021
Vulnerability Reserved
Oct 16, 2020