CVE-2017-13701

Published: Nov 23, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.

Affected (1)

Products: Moxa: Eds G512e Firmware

1 product

Eds G512e Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Eds G512e Firmware	Version 5.1

Running on/with	Platform Versions
Moxa Eds G512e	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/101966

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf

Source: cve@mitre.org

MitigationThird Party Advisory

http://www.securityfocus.com/bid/101966

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

Timeline

No history available yet.