Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.
References
Link | Resource |
---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01 | Third Party Advisory US Government Resource |
https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 02:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01 - Third Party Advisory, US Government Resource |
Information
Published : 2016-05-31 01:59
Updated : 2024-11-21 02:42
NVD link : CVE-2016-0879
Mitre link : CVE-2016-0879
CVE.ORG link : CVE-2016-0879
JSON object : View
Products Affected
moxa
- edr-g903_firmware
- edr-g903
CWE
CWE-532
Insertion of Sensitive Information into Log File