CVE-2017-12123

An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin.

CVSS v3 8.8 HIGH
CVSS v2.0 3.3 LOW

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0475	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*

cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-14 20:29

Updated : 2023-12-10 12:30

NVD link : CVE-2017-12123

Mitre link : CVE-2017-12123

CVE.ORG link : CVE-2017-12123

JSON object : View

Products Affected

moxa

edr-810_firmware
edr-810

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2017-12123", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-05-14T20:29:00.313", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0475", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin."}, {"lang": "es", "value": "Existe una vulnerabilidad de transmisi\u00f3n de contrase\u00f1as en texto claro en las funcionalidades de servidor web y telnet de Moxa EDR-810 V4.1 build 17030317. Un atacante puede visualizar el tr\u00e1fico de red para obtener la contrase\u00f1a de administrador del dispositivo. El atacante puede entonces utilizar las credenciales para iniciar sesi\u00f3n como admin."}], "lastModified": "2022-12-09T01:58:38.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB5AD896-998A-4CA4-AA8C-8B320856247F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A6BD14C-FD19-4AF7-A221-91B1A49C0A58"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}