Use of Hard-coded Cryptographic Key in Moxa EDS-510E and Moxa EDS-G516E - #VU21341

 


Published: September 25, 2019


Vulnerability identifier: #VU21341
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-321
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Moxa
Affected software:
Moxa EDS-510E
Moxa EDS-G516E

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the firmware uses a hard-coded cryptographic key. A local user can obtain the key and decrypt files containing sensitive information.


Remediation

Install updates from the vendor's website.

The vendor also recommends enabling a password on the configuration file under Configuration File Encryption Setting.

Sources