#VU25663 Cross-site request forgery in Moxa products - CVE-2019-9102
Published: February 27, 2020
Vulnerability identifier: #VU25663
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-9102
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3660 Series
Moxa MGate MB3170 Series
Moxa MGate MB3270 Series
Moxa MGate MB3180 Series
Moxa MGate MB3280 Series
Moxa MGate MB3480 Series
Moxa MGate MB3660 Series
Software vendor:
Moxa
Moxa
Description
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin in a predictable mechanism of generating tokens. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
Remediation
Install updates from vendor's website.