#VU25735 Improper Authentication in Moxa products
Published: March 3, 2020
Vulnerability identifier: #VU25735
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Software vendor:
Moxa
Moxa
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in authentication process. A remote attacker can bypass authentication by logging in with empty username/password and execute arbitrary actions with administrator privileges on an affected system.
Remediation
Install updates from vendor's website.