CVE-2021-4161

Published: Dec 27, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.

Affected (3)

Products: Moxa: Mgate Mb3180 Firmware, Mgate Mb3280 Firmware, Mgate Mb3480 Firmware

Moxa

3 products

Mgate Mb3180 Firmware

Mgate Mb3280 Firmware

Mgate Mb3480 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Mgate Mb3180 Firmware	Up to 2.2

Running on/with	Platform Versions
Moxa Mgate Mb3180	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Mgate Mb3280 Firmware	Up to 4.1

Running on/with	Platform Versions
Moxa Mgate Mb3280	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Mgate Mb3480 Firmware	Up to 3.2

Running on/with	Platform Versions
Moxa Mgate Mb3480	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.