CVE-2019-9102
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
Affected (6)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Mb3170 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Mb3270 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Mb3180 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Mb3280 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Mb3480 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.2 |
| Running on/with | Platform Versions |
|---|---|
Moxa Mb3660 | All versions |
References (4)
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.