CVE-2024-12297
published 2025-01-15CVE-2024-12297: Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server…
critical9.2CVSS 4.0
AVNACLATPPRNUINVCHVIHVAHSCLSILSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moxa | eds-508a_series | 1.0 – 3.11 | — |
| moxa | pt-508_series | 1.0 – 3.8 | — |
| moxa | pt-510_series | 1.0 – 3.8 | — |
| moxa | pt-7528_series | 1.0 – 5.0 | — |
| moxa | pt-7728_series | 1.0 – 3.9 | — |
| moxa | pt-7828_series | 1.0 – 4.0 | — |
| moxa | pt-g503_series | 1.0 – 5.3 | — |
| moxa | pt-g510_series | 1.0 – 6.5 | — |
| moxa | pt-g7728_series | 1.0 – 6.5 | — |
| moxa | pt-g7828_series | 1.0 – 6.5 | — |