Security restrictions bypass in Moxa NPort W2150A and W2250A

Published: 2017-12-22 11:51:44
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2017-16727
CVSSv3 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CWE ID CWE-255
Exploitation vector Network
Public exploit Not available
Vulnerable software NPort W2250A
NPort W2150A
Vulnerable software versions NPort W2250A -
NPort W2150A -
Vendor URL Moxa

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to empty default password. A remote attacker can access the device without a password and compromise the confidentiality and integrity of the wireless traffic.

Remediation

Update to version 2.1.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01

Back to List