Описание
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 1.7 (включая)Версия до 1.3 (включая)Версия до 1.0 (включая)
Одновременно
Одно из
cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00319
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-532
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.
EPSS
Процентиль: 55%
0.00319
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-532