CVE-2019-9104

Name of the Vulnerable Software and Affected Versions Moxa MGate MB3170 versions prior to 4.1 Moxa MGate MB3270 versions prior to 4.1 Moxa MGate MB3280 versions prior to 3.1 Moxa MGate MB3480 versions prior to 3.1 Moxa MGate MB3660 versions prior to 2.3 Moxa MGate MB3180 versions prior to 2.1

Description The application's configuration file contains parameters that represent passwords in cleartext, allowing an attacker to gain unauthorized access to protected information using a specially crafted configuration file. This issue is related to the unencrypted storage of confidential information.

Recommendations For Moxa MGate MB3170 versions prior to 4.1, update to version 4.1 or later to resolve the issue. For Moxa MGate MB3270 versions prior to 4.1, update to version 4.1 or later to resolve the issue. For Moxa MGate MB3280 versions prior to 3.1, update to version 3.1 or later to resolve the issue. For Moxa MGate MB3480 versions prior to 3.1, update to version 3.1 or later to resolve the issue. For Moxa MGate MB3660 versions prior to 2.3, update to version 2.3 or later to resolve the issue. For Moxa MGate MB3180 versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file to minimize the risk of exploitation.