CVE-2019-9101

Name of the Vulnerable Software and Affected Versions Moxa MGate MB3170 versions prior to 4.1 Moxa MGate MB3270 versions prior to 4.1 Moxa MGate MB3280 versions prior to 3.1 Moxa MGate MB3480 versions prior to 3.1 Moxa MGate MB3660 versions prior to 2.3 Moxa MGate MB3180 versions prior to 2.1

Description The issue is related to the use of the HTTP protocol by default, which may allow an attacker to intercept sensitive information, including administrator credentials, if they can observe traffic between the web browser and the server. This could potentially allow a remote attacker to gain access to the system management.

Recommendations For Moxa MGate MB3170 versions prior to 4.1, update to version 4.1 or later to resolve the issue. For Moxa MGate MB3270 versions prior to 4.1, update to version 4.1 or later to resolve the issue. For Moxa MGate MB3280 versions prior to 3.1, update to version 3.1 or later to resolve the issue. For Moxa MGate MB3480 versions prior to 3.1, update to version 3.1 or later to resolve the issue. For Moxa MGate MB3660 versions prior to 2.3, update to version 2.3 or later to resolve the issue. For Moxa MGate MB3180 versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of the HTTP protocol and implementing a more secure protocol, such as HTTPS, to minimize the risk of exploitation.