9.1

CVE-2017-16727

EPSS 0.21%
Veröffentlicht 22.12.2017 02:29:15
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moxa ≫ Nport W2150a Firmware Version < 1.11

Moxa ≫ Nport W2150a Version-

Moxa ≫ Nport W2250a Firmware Version < 1.11

Moxa ≫ Nport W2250a Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.429

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

http://www.securityfocus.com/bid/102254

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01

Patch

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2017-16727

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16727

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16727

EUVD