CVE-2016-5804

CWE-3263 documents3 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 60.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Mgate Mb3170 Firmware Moxa Mgate Mb3180 Firmware Moxa Mgate Mb3270 Firmware +2 more

Timeline

PublishedJul 15

Latest updateMay 13

Description

Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDmoxa/mgate_mb3170_firmware< 2.5

▶NVDmoxa/mgate_mb3180_firmware< 1.8

▶NVDmoxa/mgate_mb3270_firmware< 2.7

▶NVDmoxa/mgate_mb3280_firmware< 2.7

▶NVDmoxa/mgate_mb3480_firmware< 2.6

🔴Vulnerability Details

GHSA

GHSA-5cr2-3qp3-5h49: Moxa MGate MB3180 before 1↗2022-05-13

▶

CVEList

CVE-2016-5804: Moxa MGate MB3180 before 1↗2016-07-15

▶