CVE-2017-12123 — Insufficiently Protected Credentials in Moxa

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 61.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Talos Moxa Moxa Edr-810 Firmware

Timeline

PublishedMay 14

Latest updateMay 13

Description

An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5talos/moxaMoxa EDR-810 V4.1 build 17030317

▶NVDmoxa/edr-810_firmware4.1

🔴Vulnerability Details

GHSA

GHSA-q73q-mh85-fcv8: An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4↗2022-05-13

▶

CVEList

CVE-2017-12123: An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4↗2018-05-14

▶