Описание
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.
Уязвимые конфигурации
Конфигурация 1Версия до 2.2 (включая)
Одновременно
Одно из
cpe:2.3:a:moxa:edr_g903_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:moxa:edr_g903_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:a:moxa:edr_g903_firmware:2.0:*:*:*:*:*:*:*
cpe:2.3:a:moxa:edr_g903_firmware:2.1:*:*:*:*:*:*:*
cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00344
Низкий
7.6 High
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.
EPSS
Процентиль: 56%
0.00344
Низкий
7.6 High
CVSS2
Дефекты
CWE-310