CVE-2015-6464

Name of the Vulnerable Software and Affected Versions Moxa EDS-405A and EDS-408A switches with firmware prior to 3.6

Description The administrative web interface of the affected switches has a flaw in access control, allowing remote authenticated users to bypass a read-only protection mechanism. This can be achieved by using a specific browser, such as Firefox, with a web-developer plugin. The issue is related to insufficient access control in the firmware of the Moxa EDS-405A and EDS-408A Ethernet switches.

Recommendations For Moxa EDS-405A and EDS-408A switches with firmware prior to 3.6, update the firmware to version 3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative web interface until the firmware can be updated.