CVE-2016-5804 Information

Description

Moxa MGate MB3180 before 1.8 MGate MB3280 before 2.7 MGate MB3480 before 2.6 MGate MB3170 before 2.5 and MGate MB3270 before 2.7 use weak encryption which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/91777 https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8