CVE-2019-9102

Name of the Vulnerable Software and Affected Versions Moxa MGate MB3170 versions prior to 4.1 Moxa MGate MB3180 versions prior to 2.1 Moxa MGate MB3270 versions prior to 4.1 Moxa MGate MB3280 versions prior to 3.1 Moxa MGate MB3480 versions prior to 3.1 Moxa MGate MB3660 versions prior to 2.3

Description The issue is related to a predictable token generation mechanism in the embedded web server of Moxa MGate devices. This allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism, potentially enabling them to perform arbitrary actions on the vulnerable device. The exploitation of this issue can lead to the execution of unauthorized actions on the device through cross-site request forgery.

Recommendations For Moxa MGate MB3170 versions prior to 4.1, update to version 4.1 or later. For Moxa MGate MB3180 versions prior to 2.1, update to version 2.1 or later. For Moxa MGate MB3270 versions prior to 4.1, update to version 4.1 or later. For Moxa MGate MB3280 versions prior to 3.1, update to version 3.1 or later. For Moxa MGate MB3480 versions prior to 3.1, update to version 3.1 or later. For Moxa MGate MB3660 versions prior to 2.3, update to version 2.3 or later.