CVE-2021-4161

CWE-319 — Cleartext Transmission3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 68.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Mgate Mb3180 Series Moxa Mgate Mb3180 Firmware Moxa Mgate Mb3280 Firmware +3 more

Timeline

PublishedDec 27

Latest updateDec 28

Description

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶NVDmoxa/mgate_mb3180_firmware2.2

▶NVDmoxa/mgate_mb3280_firmware4.1

▶NVDmoxa/mgate_mb3480_firmware3.2

▶CVEListV5moxa/mgate_mb3180_seriesall — 2.2

▶CVEListV5moxa/mgate_mb3280_seriesall 4.1

🔴Vulnerability Details

GHSA

GHSA-628p-46mw-v4f9: The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details↗2021-12-28

▶

CVEList

ICSA-21-357-01 Moxa MGate Protocol Gateways↗2021-12-27

▶