PT-2021-7485 · Moxa · Mgate

Anurag M. Chevendra +2 · Published 2021-12-23 · Updated 2022-01-07 · CVE-2021-4161

CVSS v3.1: 10 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moxa MGate versions MB3180, MB3280, and MB3480

Description

The issue is related to the transmission of data in plain text, which could allow an attacker to intercept traffic and decrypt login credentials, potentially granting admin rights through the HTTP web server. This could enable a remote attacker to gain unauthorized access to protected information or elevate their privileges.

Recommendations

For Moxa MGate versions MB3180, MB3280, and MB3480, consider restricting access to the HTTP web server until a fix is available. As a temporary workaround, avoid using the HTTP web server for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2022-06739
CVE-2021-4161

Affected Products

Mgate