CVE-2017-13699

Published: Nov 23, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it.

Affected (1)

Products: Moxa: Eds G512e Firmware

1 product

Eds G512e Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Eds G512e Firmware	Version 5.1

Running on/with	Platform Versions
Moxa Eds G512e	All versions

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (4)

http://www.securityfocus.com/bid/106047

Source: cve@mitre.org

https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf

Source: cve@mitre.org

MitigationThird Party Advisory

http://www.securityfocus.com/bid/106047

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

Timeline

No history available yet.