CVE-2019-9103

Name of the Vulnerable Software and Affected Versions Moxa MGate MB3170 versions prior to 4.1 Moxa MGate MB3180 versions prior to 2.1 Moxa MGate MB3270 versions prior to 4.1 Moxa MGate MB3280 versions prior to 3.1 Moxa MGate MB3480 versions prior to 3.1 Moxa MGate MB3660 versions prior to 2.3

Description An issue was discovered that allows an attacker to access sensitive information, such as conducting username disclosure attacks, on the built-in WEB-service without authorization. The vulnerability is related to weaknesses in the security mechanisms of the Moxa MGate devices' web server. This can enable a remote attacker to gain unauthorized access to protected information.

Recommendations For Moxa MGate MB3170 versions prior to 4.1, update to version 4.1 or later. For Moxa MGate MB3180 versions prior to 2.1, update to version 2.1 or later. For Moxa MGate MB3270 versions prior to 4.1, update to version 4.1 or later. For Moxa MGate MB3280 versions prior to 3.1, update to version 3.1 or later. For Moxa MGate MB3480 versions prior to 3.1, update to version 3.1 or later. For Moxa MGate MB3660 versions prior to 2.3, update to version 2.3 or later. As a temporary workaround, consider restricting access to the built-in WEB-service until a patch is available.