CVE-2020-27150

3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 39.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Nport Ia5150a Firmware Moxa Nport Ia5250a Firmware Moxa Nport Ia5450a Firmware

Timeline

PublishedMay 14

Latest updateMay 24

Description

In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5nport_ia5000a_seriesAll versions

▶NVDmoxa/nport_ia5150a_firmware1.4

▶NVDmoxa/nport_ia5250a_firmware1.4

▶NVDmoxa/nport_ia5450a_firmware1.7

🔴Vulnerability Details

GHSA

GHSA-7gq3-m3h3-hwvp: In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and o↗2022-05-24

▶

CVEList

CVE-2020-27150: In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and o↗2021-05-14

▶