PT-2015-3454
Erwin Paternotte · Published 2015-09-03 · Updated 2015-09-14 · CVE-2015-6464
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Moxa EDS-405A and EDS-408A switches with firmware prior to 3.6
Description
The administrative web interface of the affected switches has a flaw in access control, allowing remote authenticated users to bypass a read-only protection mechanism. This can be achieved by using a specific browser, such as Firefox, with a web-developer plugin. The issue is related to insufficient access control in the firmware of the Moxa EDS-405A and EDS-408A Ethernet switches.
Recommendations
For Moxa EDS-405A and EDS-408A switches with firmware prior to 3.6, update the firmware to version 3.6 or later to resolve the issue.
As a temporary workaround, consider restricting access to the administrative web interface until the firmware can be updated.
Weakness Enumeration
Improper Privilege Management
Affected Products
Firefox
Moxa EDS-405A
Moxa EDS-408A