PT-2016-6689 · Moxa · Mgate Mb3180+4

Maxim Rupp

·

Published

2016-07-15

·

Updated

2021-07-16

·

CVE-2016-5804

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Moxa MGate MB3180 versions 1.8 and earlier Moxa MGate MB3280 versions 2.7 and earlier Moxa MGate MB3480 versions 2.6 and earlier Moxa MGate MB3170 versions 2.5 and earlier Moxa MGate MB3270 versions 2.7 and earlier
Description The issue allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. This is due to the use of weak encryption.
Recommendations For Moxa MGate MB3180 version 1.8 and earlier, update to version 1.8 or later. For Moxa MGate MB3280 version 2.7 and earlier, update to version 2.7 or later. For Moxa MGate MB3480 version 2.6 and earlier, update to version 2.6 or later. For Moxa MGate MB3170 version 2.5 and earlier, update to version 2.5 or later. For Moxa MGate MB3270 version 2.7 and earlier, update to version 2.7 or later.

Fix

Inadequate Encryption Strength

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-326

Related Identifiers

CVE-2016-5804

Affected Products

Mgate Mb3170
Mgate Mb3180
Mgate Mb3270
Mgate Mb3280
Mgate Mb3480