CVE-2020-6985

CWE-798Hard-coded Credentials4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 39.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
55
Moxa Pt-7528-12msc-12tx-4gsfp-hv-hv FirmwareMoxa Pt-7528-12msc-12tx-4gsfp-hv FirmwareMoxa Pt-7528-12msc-12tx-4gsfp-wv-wv Firmware+52 more
Timeline
PublishedMar 24
Latest updateMay 24

Description

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages55 packages

🔴Vulnerability Details

2
GHSA
GHSA-gp77-fg8q-p93m: In Moxa PT-7528 series firmware, Version 42022-05-24
CVEList
CVE-2020-6985: In Moxa PT-7528 series firmware, Version 42020-03-24

💥Exploits & PoCs

1
Exploit-DB
SmarterMail Build 6985 - Remote Code Execution2020-12-09
CVE-2020-6985 (CRITICAL CVSS 9.8) | In Moxa PT-7528 series firmware | cvebase.io