CVE-2020-6979

CWE-321 CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 40.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Eds-510e Firmware Moxa Eds-g516e Firmware

Timeline

PublishedMar 24

Latest updateMay 24

Description

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDmoxa/eds-g516e_firmware5.2

▶NVDmoxa/eds-510e_firmware5.2

🔴Vulnerability Details

GHSA

GHSA-rh3w-9rw6-jh3x: In Moxa EDS-G516E Series firmware, Version 5↗2022-05-24

▶

CVEList

CVE-2020-6979: In Moxa EDS-G516E Series firmware, Version 5↗2020-03-24

▶