Search criteria
10 vulnerabilities found for mb3280 by moxa
VAR-202003-0533
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. plural Moxa MGate A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.
Many Moxa products have cross-site request forgery vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0533",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mgate mb3170",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3180",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "mgate mb3270",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3280",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3480",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3660",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.3"
},
{
"model": "mb3180",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18362"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"db": "NVD",
"id": "CVE-2019-9102"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1207"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9102",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-9102",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014861",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-18362",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-9102",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9102",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014861",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9102",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-9102",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014861",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-18362",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1207",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18362"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1207"
},
{
"db": "NVD",
"id": "CVE-2019-9102"
},
{
"db": "NVD",
"id": "CVE-2019-9102"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. plural Moxa MGate A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have cross-site request forgery vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9102"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"db": "CNVD",
"id": "CNVD-2020-18362"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-056-01",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-9102",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014861",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-18362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0720",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1207",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18362"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1207"
},
{
"db": "NVD",
"id": "CVE-2019-9102"
}
]
},
"id": "VAR-202003-0533",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18362"
}
],
"trust": 1.35657895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18362"
}
]
},
"last_update_date": "2024-11-23T21:36:03.834000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"title": "Patch for Multiple Moxa products cross-site request forgery vulnerability (CNVD-2020-18362)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/209797"
},
{
"title": "Multiple Moxa Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111954"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18362"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.0
},
{
"problemtype": "CWE-352",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"db": "NVD",
"id": "CVE-2019-9102"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
},
{
"trust": 1.6,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9102"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9102"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18362"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1207"
},
{
"db": "NVD",
"id": "CVE-2019-9102"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-18362"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1207"
},
{
"db": "NVD",
"id": "CVE-2019-9102"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18362"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1207"
},
{
"date": "2020-03-11T15:15:17.077000",
"db": "NVD",
"id": "CVE-2019-9102"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18362"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014861"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1207"
},
{
"date": "2024-11-21T04:50:59.070000",
"db": "NVD",
"id": "CVE-2019-9102"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MGate Cross-site request forgery vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014861"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1207"
}
],
"trust": 0.6
}
}
VAR-202003-0529
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service. plural Moxa MGate An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.
A number of Moxa products have security vulnerabilities that attackers can use to create a temporary denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0529",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mgate mb3170",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3180",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "mgate mb3270",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3280",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3480",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3660",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.3"
},
{
"model": "mb3180",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18361"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"db": "NVD",
"id": "CVE-2019-9097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1189"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9097",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014921",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-18361",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9097",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9097",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014921",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9097",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-9097",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014921",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-18361",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1189",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18361"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1189"
},
{
"db": "NVD",
"id": "CVE-2019-9097"
},
{
"db": "NVD",
"id": "CVE-2019-9097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service. plural Moxa MGate An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nA number of Moxa products have security vulnerabilities that attackers can use to create a temporary denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"db": "CNVD",
"id": "CNVD-2020-18361"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-056-01",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-9097",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014921",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-18361",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0720",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1189",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18361"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1189"
},
{
"db": "NVD",
"id": "CVE-2019-9097"
}
]
},
"id": "VAR-202003-0529",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18361"
}
],
"trust": 1.35657895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18361"
}
]
},
"last_update_date": "2024-11-23T21:36:03.807000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"title": "Patch for Many Moxa products have unknown vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/209849"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112470"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18361"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1189"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"db": "NVD",
"id": "CVE-2019-9097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
},
{
"trust": 1.6,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9097"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9097"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18361"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1189"
},
{
"db": "NVD",
"id": "CVE-2019-9097"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-18361"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1189"
},
{
"db": "NVD",
"id": "CVE-2019-9097"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18361"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1189"
},
{
"date": "2020-03-11T15:15:16.700000",
"db": "NVD",
"id": "CVE-2019-9097"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18361"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014921"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1189"
},
{
"date": "2024-11-21T04:50:58.427000",
"db": "NVD",
"id": "CVE-2019-9097"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1189"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MGate Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014921"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1189"
}
],
"trust": 0.6
}
}
VAR-202003-0531
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2). plural Moxa MGate A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MGate MB3170, etc. are all products of Moxa Company in Taiwan, China. Moxa MGate MB3170 is a MB3170 series Ethernet gateway product. Moxa MGate MB3270 is a MB3270 series Ethernet gateway product. Moxa MGate MB3280 is a MB3280 series Ethernet gateway product. An attacker can use this vulnerability to cause a denial of service or execute arbitrary code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0531",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mgate mb3170",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3180",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "mgate mb3270",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3280",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3480",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3660",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.3"
},
{
"model": "mb3180",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18359"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"db": "NVD",
"id": "CVE-2019-9099"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1215"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9099",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9099",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014930",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-18359",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9099",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9099",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014930",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9099",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-9099",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014930",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-18359",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1215",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-9099",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18359"
},
{
"db": "VULMON",
"id": "CVE-2019-9099"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1215"
},
{
"db": "NVD",
"id": "CVE-2019-9099"
},
{
"db": "NVD",
"id": "CVE-2019-9099"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2). plural Moxa MGate A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MGate MB3170, etc. are all products of Moxa Company in Taiwan, China. Moxa MGate MB3170 is a MB3170 series Ethernet gateway product. Moxa MGate MB3270 is a MB3270 series Ethernet gateway product. Moxa MGate MB3280 is a MB3280 series Ethernet gateway product. An attacker can use this vulnerability to cause a denial of service or execute arbitrary code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9099"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"db": "CNVD",
"id": "CNVD-2020-18359"
},
{
"db": "VULMON",
"id": "CVE-2019-9099"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-056-01",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2019-9099",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014930",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-18359",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0720",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1215",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-9099",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18359"
},
{
"db": "VULMON",
"id": "CVE-2019-9099"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1215"
},
{
"db": "NVD",
"id": "CVE-2019-9099"
}
]
},
"id": "VAR-202003-0531",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18359"
}
],
"trust": 1.35657895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18359"
}
]
},
"last_update_date": "2024-11-23T21:36:03.777000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"title": "Patch for Multiple Moxa product buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/209783"
},
{
"title": "Multiple Moxa Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111714"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18359"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1215"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"db": "NVD",
"id": "CVE-2019-9099"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
},
{
"trust": 1.7,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9099"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9099"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18359"
},
{
"db": "VULMON",
"id": "CVE-2019-9099"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1215"
},
{
"db": "NVD",
"id": "CVE-2019-9099"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-18359"
},
{
"db": "VULMON",
"id": "CVE-2019-9099"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1215"
},
{
"db": "NVD",
"id": "CVE-2019-9099"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18359"
},
{
"date": "2020-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9099"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1215"
},
{
"date": "2020-03-11T15:15:16.903000",
"db": "NVD",
"id": "CVE-2019-9099"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18359"
},
{
"date": "2020-03-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9099"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014930"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1215"
},
{
"date": "2024-11-21T04:50:58.753000",
"db": "NVD",
"id": "CVE-2019-9099"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1215"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MGate Classic buffer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014930"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1215"
}
],
"trust": 0.6
}
}
VAR-202003-0528
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords. plural Moxa MGate The device is vulnerable to a weak password request.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.
Many Moxa products have weak password vulnerabilities. Attackers can use this vulnerability to gain access through brute force attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0528",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mgate mb3170",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3180",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "mgate mb3270",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3280",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3480",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3660",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.3"
},
{
"model": "mb3180",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"db": "NVD",
"id": "CVE-2019-9096"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1195"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9096",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9096",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014920",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-18366",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9096",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9096",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014920",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9096",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-9096",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-014920",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-18366",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1195",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1195"
},
{
"db": "NVD",
"id": "CVE-2019-9096"
},
{
"db": "NVD",
"id": "CVE-2019-9096"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords. plural Moxa MGate The device is vulnerable to a weak password request.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have weak password vulnerabilities. Attackers can use this vulnerability to gain access through brute force attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9096"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"db": "CNVD",
"id": "CNVD-2020-18366"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-056-01",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-9096",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014920",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-18366",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0720",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1195",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1195"
},
{
"db": "NVD",
"id": "CVE-2019-9096"
}
]
},
"id": "VAR-202003-0528",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18366"
}
],
"trust": 1.35657895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18366"
}
]
},
"last_update_date": "2024-11-23T21:36:03.750000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"title": "Patch for Multiple Moxa products weak password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/209845"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111708"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1195"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"db": "NVD",
"id": "CVE-2019-9096"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
},
{
"trust": 1.6,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9096"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9096"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1195"
},
{
"db": "NVD",
"id": "CVE-2019-9096"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-18366"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1195"
},
{
"db": "NVD",
"id": "CVE-2019-9096"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18366"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1195"
},
{
"date": "2020-03-11T15:15:16.577000",
"db": "NVD",
"id": "CVE-2019-9096"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18366"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014920"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1195"
},
{
"date": "2024-11-21T04:50:58.280000",
"db": "NVD",
"id": "CVE-2019-9096"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1195"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MGate Vulnerability in requesting weak passwords on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014920"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1195"
}
],
"trust": 0.6
}
}
VAR-202003-0535
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.
Many Moxa products have information disclosure vulnerabilities that attackers can use to access administrative accounts
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0535",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mgate mb3170",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3180",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "mgate mb3270",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3280",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3480",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3660",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.3"
},
{
"model": "mb3180",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18360"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"db": "NVD",
"id": "CVE-2019-9104"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1193"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9104",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9104",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014863",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-18360",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9104",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9104",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014863",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9104",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-9104",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-014863",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-18360",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1193",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9104",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18360"
},
{
"db": "VULMON",
"id": "CVE-2019-9104"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1193"
},
{
"db": "NVD",
"id": "CVE-2019-9104"
},
{
"db": "NVD",
"id": "CVE-2019-9104"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application\u0027s configuration file contains parameters that represent passwords in cleartext. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have information disclosure vulnerabilities that attackers can use to access administrative accounts",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9104"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"db": "CNVD",
"id": "CNVD-2020-18360"
},
{
"db": "VULMON",
"id": "CVE-2019-9104"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-056-01",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2019-9104",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014863",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-18360",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0720",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1193",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-9104",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18360"
},
{
"db": "VULMON",
"id": "CVE-2019-9104"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1193"
},
{
"db": "NVD",
"id": "CVE-2019-9104"
}
]
},
"id": "VAR-202003-0535",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18360"
}
],
"trust": 1.35657895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18360"
}
]
},
"last_update_date": "2024-11-23T21:36:03.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"title": "Patch for Multiple Moxa product information disclosure vulnerabilities (CNVD-2020-18360)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/209847"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111951"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18360"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1193"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.8
},
{
"problemtype": "CWE-312",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"db": "NVD",
"id": "CVE-2019-9104"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
},
{
"trust": 1.7,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9104"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9104"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18360"
},
{
"db": "VULMON",
"id": "CVE-2019-9104"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1193"
},
{
"db": "NVD",
"id": "CVE-2019-9104"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-18360"
},
{
"db": "VULMON",
"id": "CVE-2019-9104"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1193"
},
{
"db": "NVD",
"id": "CVE-2019-9104"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18360"
},
{
"date": "2020-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9104"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1193"
},
{
"date": "2020-03-11T15:15:17.247000",
"db": "NVD",
"id": "CVE-2019-9104"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18360"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9104"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014863"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1193"
},
{
"date": "2024-11-21T04:50:59.400000",
"db": "NVD",
"id": "CVE-2019-9104"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1193"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MGate Inadequate protection of credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014863"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1193"
}
],
"trust": 0.6
}
}
VAR-202003-0527
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.
Many Moxa products have weak encryption algorithm vulnerabilities that attackers can use to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0527",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mgate mb3170",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3180",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "mgate mb3270",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3280",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3480",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3660",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.3"
},
{
"model": "mb3180",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"db": "NVD",
"id": "CVE-2019-9095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1202"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9095",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9095",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014864",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-18363",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9095",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2019-9095",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014864",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9095",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-9095",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014864",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-18363",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1202",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-9095",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18363"
},
{
"db": "VULMON",
"id": "CVE-2019-9095"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1202"
},
{
"db": "NVD",
"id": "CVE-2019-9095"
},
{
"db": "NVD",
"id": "CVE-2019-9095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have weak encryption algorithm vulnerabilities that attackers can use to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9095"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"db": "CNVD",
"id": "CNVD-2020-18363"
},
{
"db": "VULMON",
"id": "CVE-2019-9095"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-056-01",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2019-9095",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014864",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-18363",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0720",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1202",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-9095",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18363"
},
{
"db": "VULMON",
"id": "CVE-2019-9095"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1202"
},
{
"db": "NVD",
"id": "CVE-2019-9095"
}
]
},
"id": "VAR-202003-0527",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18363"
}
],
"trust": 1.35657895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18363"
}
]
},
"last_update_date": "2024-11-23T21:36:03.689000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"title": "Patch for Multiple Moxa products weak encryption algorithm vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/209827"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111711"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"db": "NVD",
"id": "CVE-2019-9095"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
},
{
"trust": 1.7,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9095"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9095"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18363"
},
{
"db": "VULMON",
"id": "CVE-2019-9095"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1202"
},
{
"db": "NVD",
"id": "CVE-2019-9095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-18363"
},
{
"db": "VULMON",
"id": "CVE-2019-9095"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1202"
},
{
"db": "NVD",
"id": "CVE-2019-9095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18363"
},
{
"date": "2020-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9095"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1202"
},
{
"date": "2020-03-11T15:15:16.467000",
"db": "NVD",
"id": "CVE-2019-9095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18363"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9095"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014864"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1202"
},
{
"date": "2024-11-21T04:50:58.117000",
"db": "NVD",
"id": "CVE-2019-9095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1202"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MGate Inadequate protection of credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014864"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1202"
}
],
"trust": 0.6
}
}
VAR-202003-0532
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. plural Moxa MGate The device contains a vulnerability in the transmission of important information in clear text.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0532",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mgate mb3170",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3180",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "mgate mb3270",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3280",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3480",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3660",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.3"
},
{
"model": "mb3180",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"db": "NVD",
"id": "CVE-2019-9101"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1197"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9101",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9101",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014860",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-18365",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9101",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-9101",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014860",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9101",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-9101",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014860",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-18365",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1197",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1197"
},
{
"db": "NVD",
"id": "CVE-2019-9101"
},
{
"db": "NVD",
"id": "CVE-2019-9101"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. plural Moxa MGate The device contains a vulnerability in the transmission of important information in clear text.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9101"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"db": "CNVD",
"id": "CNVD-2020-18365"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-056-01",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-9101",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014860",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-18365",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0720",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1197",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1197"
},
{
"db": "NVD",
"id": "CVE-2019-9101"
}
]
},
"id": "VAR-202003-0532",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18365"
}
],
"trust": 1.35657895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18365"
}
]
},
"last_update_date": "2024-11-23T21:36:03.661000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"title": "Patch for Multiple Moxa product plaintext transmission vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/209839"
},
{
"title": "Multiple Moxa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111952"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1197"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"db": "NVD",
"id": "CVE-2019-9101"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
},
{
"trust": 1.6,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9101"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9101"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1197"
},
{
"db": "NVD",
"id": "CVE-2019-9101"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-18365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1197"
},
{
"db": "NVD",
"id": "CVE-2019-9101"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18365"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1197"
},
{
"date": "2020-03-11T15:15:16.980000",
"db": "NVD",
"id": "CVE-2019-9101"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18365"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014860"
},
{
"date": "2020-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1197"
},
{
"date": "2024-11-21T04:50:58.910000",
"db": "NVD",
"id": "CVE-2019-9101"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1197"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MGate Vulnerability in plaintext transmission of critical information on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014860"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1197"
}
],
"trust": 0.6
}
}
VAR-202003-0534
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. plural Moxa MGate The device contains a vulnerability related to information leakage.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.
Many Moxa products have information disclosure vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0534",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mgate mb3170",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3180",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "mgate mb3270",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3280",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3480",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3660",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.3"
},
{
"model": "mb3180",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"db": "NVD",
"id": "CVE-2019-9103"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1200"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9103",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9103",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014862",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-18364",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9103",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9103",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-014862",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9103",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-9103",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014862",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-18364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1200",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1200"
},
{
"db": "NVD",
"id": "CVE-2019-9103"
},
{
"db": "NVD",
"id": "CVE-2019-9103"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. plural Moxa MGate The device contains a vulnerability related to information leakage.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have information disclosure vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9103"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"db": "CNVD",
"id": "CNVD-2020-18364"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9103",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-01",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014862",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-18364",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0720",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1200",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1200"
},
{
"db": "NVD",
"id": "CVE-2019-9103"
}
]
},
"id": "VAR-202003-0534",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18364"
}
],
"trust": 1.35657895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18364"
}
]
},
"last_update_date": "2024-11-23T21:36:03.633000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"title": "Patch for Multiple Moxa product information disclosure vulnerabilities (CNVD-2020-18364)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/209835"
},
{
"title": "Multiple Moxa Product information disclosure vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111953"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1200"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"db": "NVD",
"id": "CVE-2019-9103"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
},
{
"trust": 1.6,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9103"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9103"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1200"
},
{
"db": "NVD",
"id": "CVE-2019-9103"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-18364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1200"
},
{
"db": "NVD",
"id": "CVE-2019-9103"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18364"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1200"
},
{
"date": "2020-03-11T15:15:17.153000",
"db": "NVD",
"id": "CVE-2019-9103"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18364"
},
{
"date": "2020-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014862"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1200"
},
{
"date": "2024-11-21T04:50:59.243000",
"db": "NVD",
"id": "CVE-2019-9103"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1200"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MGate Information leakage vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014862"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1200"
}
],
"trust": 0.6
}
}
VAR-202003-0530
Vulnerability from variot - Updated: 2024-11-23 21:36An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. plural Moxa MGate The device is vulnerable to integer overflow.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-0530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "4.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "2.2"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.0"
},
{
"model": "mgate mb3170",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3180",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.1"
},
{
"model": "mgate mb3270",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "mgate mb3280",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3480",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "mgate mb3660",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "2.3"
},
{
"model": "mb3180",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.0"
},
{
"model": "mb3280",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3480",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.0"
},
{
"model": "mb3660",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=2.2"
},
{
"model": "mb3170",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
},
{
"model": "mb3270",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18367"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"db": "NVD",
"id": "CVE-2019-9098"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1210"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9098",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9098",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014922",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-18367",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9098",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9098",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014922",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9098",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2019-9098",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014922",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-18367",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1210",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18367"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1210"
},
{
"db": "NVD",
"id": "CVE-2019-9098"
},
{
"db": "NVD",
"id": "CVE-2019-9098"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. plural Moxa MGate The device is vulnerable to integer overflow.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9098"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"db": "CNVD",
"id": "CNVD-2020-18367"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-056-01",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-9098",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014922",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-18367",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0720",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1210",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18367"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1210"
},
{
"db": "NVD",
"id": "CVE-2019-9098"
}
]
},
"id": "VAR-202003-0530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18367"
}
],
"trust": 1.35657895
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18367"
}
]
},
"last_update_date": "2024-11-23T21:36:03.605000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"title": "Patch for Multiple Moxa product integer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/209795"
},
{
"title": "Multiple Moxa Product input verification error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112471"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18367"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1210"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"db": "NVD",
"id": "CVE-2019-9098"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
},
{
"trust": 1.6,
"url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9098"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9098"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-18367"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1210"
},
{
"db": "NVD",
"id": "CVE-2019-9098"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-18367"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1210"
},
{
"db": "NVD",
"id": "CVE-2019-9098"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18367"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1210"
},
{
"date": "2020-03-11T15:15:16.827000",
"db": "NVD",
"id": "CVE-2019-9098"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-18367"
},
{
"date": "2020-03-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014922"
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1210"
},
{
"date": "2024-11-21T04:50:58.600000",
"db": "NVD",
"id": "CVE-2019-9098"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1210"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MGate Integer overflow vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014922"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1210"
}
],
"trust": 0.6
}
}
VAR-202002-1689
Vulnerability from variot - Updated: 2022-05-04 10:03MOXA MGate is a serial communication server produced by Taiwan moxa Technology Co., Ltd.
The moxa mb3180 / mb3280 / mb3480 series serial communication server has an unauthorized access vulnerability. An attacker can use this vulnerability to reset the system IP, password, and restart the system.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-1689",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mb3180",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "mb3280",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "mb3480",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04864"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-04864",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2020-04864",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MOXA MGate is a serial communication server produced by Taiwan moxa Technology Co., Ltd.\n\r\n\r\nThe moxa mb3180 / mb3280 / mb3480 series serial communication server has an unauthorized access vulnerability. An attacker can use this vulnerability to reset the system IP, password, and restart the system.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04864"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-04864",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04864"
}
]
},
"id": "VAR-202002-1689",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04864"
}
],
"trust": 1.3631579
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04864"
}
]
},
"last_update_date": "2022-05-04T10:03:38.945000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MOXA MB3180 / MB3280 / MB3480 series serial communication server has unauthorized access vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/195257"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-04864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04864"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa mb3180 / mb3280 / mb3480 series serial communication server has unauthorized access vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04864"
}
],
"trust": 0.6
}
}