9.8
CVE-2016-5804
- EPSS 0.18%
- Veröffentlicht 15.07.2016 16:59:14
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginMoxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Moxa ≫ Mgate Mb3180 Firmware Version < 1.8
Moxa ≫ Mgate Mb3280 Firmware Version < 2.7
Moxa ≫ Mgate Mb3480 Firmware Version < 2.6
Moxa ≫ Mgate Mb3170 Firmware Version < 2.5
Moxa ≫ Mgate Mb3270 Firmware Version < 2.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.362 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.