CVE-2016-5804

Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
moxamgate_mb3180_firmware
𝑥
< 1.8
moxamgate_mb3280_firmware
𝑥
< 2.7
moxamgate_mb3480_firmware
𝑥
< 2.6
moxamgate_mb3170_firmware
𝑥
< 2.5
moxamgate_mb3270_firmware
𝑥
< 2.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/91777
https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02
http://www.securityfocus.com/bid/91777
https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02