PT-2016-5088 · Moxa · Miineport E2 1242+4
Karn Ganeshen
·
Published
2016-05-31
·
Updated
2016-11-30
·
CVE-2016-2285
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Moxa MiiNePort E1 4641 version 1.1.10 Build 09120714
Moxa MiiNePort E1 7080 version 1.1.10 Build 09120714
Moxa MiiNePort E2 1242 version 1.1 Build 10080614
Moxa MiiNePort E2 4561 version 1.1 Build 10080614
Moxa MiiNePort E3 version 1.0 Build 11071409
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users. This can be exploited by tricking a user into performing unintended actions on the web application.
Recommendations
For Moxa MiiNePort E1 4641 version 1.1.10 Build 09120714, update the firmware to a version that addresses the CSRF vulnerability.
For Moxa MiiNePort E1 7080 version 1.1.10 Build 09120714, update the firmware to a version that addresses the CSRF vulnerability.
For Moxa MiiNePort E2 1242 version 1.1 Build 10080614, update the firmware to a version that addresses the CSRF vulnerability.
For Moxa MiiNePort E2 4561 version 1.1 Build 10080614, update the firmware to a version that addresses the CSRF vulnerability.
For Moxa MiiNePort E3 version 1.0 Build 11071409, update the firmware to a version that addresses the CSRF vulnerability.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Miineport E3
Miineport E1 4641
Miineport E1 7080
Miineport E2 1242
Miineport E2 4561