Описание
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
Ссылки
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
EPSS
6.5 Medium
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
Уязвимость встроенного веб-сервера микропрограммного обеспечения преобразователей протоколов Moxa MGate MB3170, MB3180, MB3270, MB3280, MB3480 и MB3660, позволяющая нарушителю выполнить произвольные действия на уязвимом устройстве
EPSS
6.5 Medium
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2