Mgate Mb3180 Firmware
CVE-2016-5804
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
AnalysisAI
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-326. Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. Affected products include: Moxa Mgate Mb3180 Firmware, Moxa Mgate Mb3280 Firmware, Moxa Mgate Mb3480 Firmware, Moxa Mgate Mb3170 Firmware, Moxa Mgate Mb3270 Firmware. Version information: before 1.8.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Mgate Mb3180 Firmware
View allAn issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Rated high severity (CVSS 7.5), this vulnerabil
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Rated high severity (CVSS 7.5), this vulnerabil
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login
Same weakness CWE-326 – Inadequate Encryption Strength
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today