CVE-2017-16727

Опубликовано: 22 дек. 2017

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.

Ссылки

http://www.securityfocus.com/bid/102254
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/102254
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:moxa:nport_w2150a_firmware:*:*:*:*:*:*:*:*

Версия до 1.11 (исключая)

cpe:2.3:h:moxa:nport_w2150a:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:moxa:nport_w2250a_firmware:*:*:*:*:*:*:*:*

Версия до 1.11 (исключая)

cpe:2.3:h:moxa:nport_w2250a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-255

CWE-521

Связанные уязвимости

GHSA-8vv3-5rrp-vm83