CVE-2020-6997

Name of the Vulnerable Software and Affected Versions Moxa EDS-G516E versions 5.2 or lower Moxa EDS-510E (affected versions not specified)

Description The issue is related to the use of the HTTP protocol by default in the implementation of the "Basic HTTP Authorization" method, which can allow a remote attacker to intercept administrator credentials and other confidential information and gain access to the system management. Sensitive information is transmitted over some web applications in cleartext.

Recommendations For Moxa EDS-G516E versions 5.2 or lower, consider disabling the use of HTTP protocol and switch to a secure protocol to minimize the risk of exploitation. For Moxa EDS-510E, at the moment, there is no information about a newer version that contains a fix for this vulnerability.