CVE-2024-12297

CWE-6564 documents4 sources
Severity
9.2CRITICAL
EPSS
0.2%
top 61.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Moxa Eds-508a SeriesMoxa Pt-508 SeriesMoxa Pt-510 Series+7 more
Timeline
PublishedJan 15

Description

Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Packages10 packages

CVEListV5moxa/pt-508_series1.03.8
CVEListV5moxa/pt-510_series1.03.8
CVEListV5moxa/pt-7528_series1.05.0
CVEListV5moxa/pt-7728_series1.03.9
CVEListV5moxa/pt-7828_series1.04.0

🔴Vulnerability Details

2
CVEList
Frontend Authorization Logic Disclosure Vulnerability2025-01-15
GHSA
GHSA-jp78-8mxr-44qr: Moxa’s Ethernet switch EDS-508A Series, running firmware version 32025-01-15

📋Vendor Advisories

1
Red Hat
kernel: wifi: ath12k: Skip Rx TID cleanup for self peer2024-12-27
CVE-2024-12297 (CRITICAL CVSS 9.2) | Moxa’s Ethernet switch is vulnerabl | cvebase.io