PT-2017-3810 · Moxa · Mgate Mb3180+5
Evgeniy Druzhinin
+2
·
Published
2017-05-09
·
Updated
2020-03-17
·
CVE-2019-9096
CVSS v3.1
10
Critical
| Vector | AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
Moxa MGate MB3170 versions prior to 4.1
Moxa MGate MB3180 versions prior to 2.1
Moxa MGate MB3270 versions prior to 4.1
Moxa MGate MB3280 versions prior to 3.1
Moxa MGate MB3480 versions prior to 3.1
Moxa MGate MB3660 versions prior to 2.3
Description
The issue is related to insufficient password requirements for the MGate web application, which may allow an attacker to gain access by brute-forcing account passwords. This can enable a remote attacker to gain full access to the system by directly guessing the credentials.
Recommendations
For Moxa MGate MB3170 versions prior to 4.1, update to version 4.1 or later.
For Moxa MGate MB3180 versions prior to 2.1, update to version 2.1 or later.
For Moxa MGate MB3270 versions prior to 4.1, update to version 4.1 or later.
For Moxa MGate MB3280 versions prior to 3.1, update to version 3.1 or later.
For Moxa MGate MB3480 versions prior to 3.1, update to version 3.1 or later.
For Moxa MGate MB3660 versions prior to 2.3, update to version 2.3 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mgate Mb3170
Mgate Mb3180
Mgate Mb3270
Mgate Mb3280
Mgate Mb3480
Mgate Mb3660