CVE-2020-27184

CWE-319 — Cleartext Transmission CWE-3263 documents3 sources

Severity

5.9MEDIUM

EPSS

0.1%

top 75.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Nport Ia5150a Firmware Moxa Nport Ia5250a Firmware Moxa Nport Ia5450a Firmware

Timeline

PublishedMay 14

Latest updateMay 24

Description

The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5nport_ia5000a_series_with_telnet_enabledAll versions

▶NVDmoxa/nport_ia5150a_firmware1.4

▶NVDmoxa/nport_ia5250a_firmware1.4

▶NVDmoxa/nport_ia5450a_firmware1.7

🔴Vulnerability Details

GHSA

GHSA-7cmj-xmp5-mmr2: The NPort IA5000A Series devices use Telnet as one of the network device management services↗2022-05-24

▶

CVEList

CVE-2020-27184: The NPort IA5000A Series devices use Telnet as one of the network device management services↗2021-05-14

▶