CVE-2016-5804
Last modified
CVE-2016-5804 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.. EPSS estimates a 1.12% chance of exploitation in the next 30 days.
Description
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Mgate Mb3180 Firmware | < 1.8 |
| Moxa | Mgate Mb3280 Firmware | < 2.7 |
| Moxa | Mgate Mb3480 Firmware | < 2.6 |
| Moxa | Mgate Mb3170 Firmware | < 2.5 |
| Moxa | Mgate Mb3270 Firmware | < 2.7 |
References
- http://www.securityfocus.com/bid/91777Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/91777Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-5804?
How severe is CVE-2016-5804?
How do I fix CVE-2016-5804?
Are you affected by CVE-2016-5804?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST