Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/91777 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
No history.
Information
Published : 2016-07-15 16:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-5804
Mitre link : CVE-2016-5804
CVE.ORG link : CVE-2016-5804
JSON object : View
Products Affected
moxa
- mgate_mb3170
- mgate_mb3270_firmware
- mgate_mb3270
- mgate_mb3180_firmware
- mgate_mb3280
- mgate_mb3480
- mgate_mb3280_firmware
- mgate_mb3170_firmware
- mgate_mb3180
- mgate_mb3480_firmware
CWE
CWE-326
Inadequate Encryption Strength