Cleartext transmission of sensitive information in Moxa products - CVE-2019-9101
Published: February 27, 2020
Vulnerability identifier: #VU25666
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-9101
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3660 Series
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3660 Series
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
How to mitigate CVE-2019-9101
Install updates from vendor's website.