PT-2025-1115 · Moxa · Moxa Eds-508A Series

Artem Turyshev · Published 2025-01-15 · Updated 2026-02-05 · CVE-2024-12297

CVSS v4.0: 9.2 (Critical)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Name of the Vulnerable Software and Affected Versions

Moxa EDS-508A Series versions 3.11 and earlier

Description

The Moxa EDS-508A Series Ethernet switch is vulnerable to an authentication bypass due to flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

Recommendations

For Moxa EDS-508A Series versions 3.11 and earlier, a patch is available for affected devices. It is recommended to apply this patch to fix the vulnerability. As a temporary workaround, consider restricting access to the device and its network to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-00371
CVE-2024-12297

Affected Products

Moxa Eds-508A Series