Описание
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.
Ссылки
- MitigationThird Party Advisory
- MitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:moxa:eds-g512e_firmware:5.1:*:*:*:*:*:*:*
cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00098
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-326
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.
EPSS
Процентиль: 27%
0.00098
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-326