CVE-2016-9361

Name of the Vulnerable Software and Affected Versions Moxa NPort 5110 versions prior to 2.6 Moxa NPort 5130/5150 Series versions prior to 3.6 Moxa NPort 5200 Series versions prior to 2.8 Moxa NPort 5400 Series versions prior to 3.11 Moxa NPort 5600 Series versions prior to 3.7 Moxa NPort 5100A Series & NPort P5150A versions prior to 1.3 Moxa NPort 5200A Series versions prior to 1.3 Moxa NPort 5150AI-M12 Series versions prior to 1.2 Moxa NPort 5250AI-M12 Series versions prior to 1.2 Moxa NPort 5450AI-M12 Series versions prior to 1.2 Moxa NPort 5600-8-DT Series versions prior to 2.4 Moxa NPort 5600-8-DTL Series versions prior to 2.4 Moxa NPort 6x50 Series versions prior to 1.13.11 Moxa NPort IA5450A versions prior to v1.4

Description The issue is related to the authentication procedure in Moxa NPort devices, allowing administration passwords to be retried without authenticating. This can be exploited by a remote attacker to execute arbitrary code.

Recommendations For Moxa NPort 5110 versions prior to 2.6, update to version 2.6 or later. For Moxa NPort 5130/5150 Series versions prior to 3.6, update to version 3.6 or later. For Moxa NPort 5200 Series versions prior to 2.8, update to version 2.8 or later. For Moxa NPort 5400 Series versions prior to 3.11, update to version 3.11 or later. For Moxa NPort 5600 Series versions prior to 3.7, update to version 3.7 or later. For Moxa NPort 5100A Series & NPort P5150A versions prior to 1.3, update to version 1.3 or later. For Moxa NPort 5200A Series versions prior to 1.3, update to version 1.3 or later. For Moxa NPort 5150AI-M12 Series versions prior to 1.2, update to version 1.2 or later. For Moxa NPort 5250AI-M12 Series versions prior to 1.2, update to version 1.2 or later. For Moxa NPort 5450AI-M12 Series versions prior to 1.2, update to version 1.2 or later. For Moxa NPort 5600-8-DT Series versions prior to 2.4, update to version 2.4 or later. For Moxa NPort 5600-8-DTL Series versions prior to 2.4, update to version 2.4 or later. For Moxa NPort 6x50 Series versions prior to 1.13.11, update to version 1.13.11 or later. For Moxa NPort IA5450A versions prior to v1.4, update to version v1.4 or later.