CVE-2019-6520

Name of the Vulnerable Software and Affected Versions Moxa IKS and EDS (affected versions not specified) Moxa IKS-G6824A (affected versions not specified)

Description The issue is related to inadequate authority checks on the server side, allowing a read-only user to make arbitrary configuration changes. This is associated with insufficient access control, which can be exploited by a remote attacker to gain unauthorized access to the device.

Recommendations For Moxa IKS and EDS, restrict access to configuration changes to minimize the risk of exploitation. For Moxa IKS-G6824A, consider implementing additional access control measures to prevent unauthorized configuration changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.