Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NMoxa Eds 405a
HWMoxawszystkie wersjeMoxa Eds 405a Firmware
OSMoxa≤ 3.8Moxa Eds 408a
HWMoxawszystkie wersjeMoxa Eds 408a Firmware
OSMoxa≤ 3.8Moxa Eds 510a
HWMoxawszystkie wersjeMoxa Eds 510a Firmware
OSMoxa≤ 3.8Moxa Iks G6824a
HWMoxawszystkie wersjeMoxa Iks G6824a Firmware
OSMoxa≤ 4.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2019-6526CRITICAL9.8ten sam produkt
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version ...
CVE-2019-6524CRITICAL9.8ten sam produkt
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, whic...
CVE-2019-6557CRITICAL9.8ten sam produkt
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code ...
CVE-2019-6522CRITICAL9.1ten sam produkt
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arb...
CVE-2019-6563CRITICAL9.8ten sam produkt
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture th...