Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for mb3280 by moxa

    VAR-202003-0533

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. plural Moxa MGate A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.

    Many Moxa products have cross-site request forgery vulnerabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0533",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.2"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mgate mb3170",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3180",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.1"
          },
          {
            "model": "mgate mb3270",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3280",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3480",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.3"
          },
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.2"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9102"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9102",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2019-9102",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014861",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2020-18362",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-9102",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9102",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014861",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9102",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-9102",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014861",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-18362",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1207",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9102"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9102"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. plural Moxa MGate A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have cross-site request forgery vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9102"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-056-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9102",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0720",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1207",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9102"
          }
        ]
      },
      "id": "VAR-202003-0533",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          }
        ],
        "trust": 1.35657895
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:03.834000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "title": "Patch for Multiple Moxa products cross-site request forgery vulnerability (CNVD-2020-18362)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209797"
          },
          {
            "title": "Multiple Moxa Repair measures for product cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111954"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-330",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-352",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9102"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
          },
          {
            "trust": 1.6,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9102"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9102"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9102"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9102"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          },
          {
            "date": "2020-03-11T15:15:17.077000",
            "db": "NVD",
            "id": "CVE-2019-9102"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18362"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          },
          {
            "date": "2024-11-21T04:50:59.070000",
            "db": "NVD",
            "id": "CVE-2019-9102"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa MGate Cross-site request forgery vulnerability in device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014861"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1207"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0529

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service. plural Moxa MGate An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.

    A number of Moxa products have security vulnerabilities that attackers can use to create a temporary denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0529",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.2"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mgate mb3170",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3180",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.1"
          },
          {
            "model": "mgate mb3270",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3280",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3480",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.3"
          },
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.2"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9097"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9097",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9097",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014921",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-18361",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9097",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9097",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014921",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9097",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-9097",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014921",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-18361",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1189",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9097"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9097"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service. plural Moxa MGate An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nA number of Moxa products have security vulnerabilities that attackers can use to create a temporary denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-056-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9097",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0720",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1189",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9097"
          }
        ]
      },
      "id": "VAR-202003-0529",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          }
        ],
        "trust": 1.35657895
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:03.807000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "title": "Patch for Many Moxa products have unknown vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209849"
          },
          {
            "title": "Multiple Moxa Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112470"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9097"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
          },
          {
            "trust": 1.6,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9097"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9097"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9097"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9097"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          },
          {
            "date": "2020-03-11T15:15:16.700000",
            "db": "NVD",
            "id": "CVE-2019-9097"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18361"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          },
          {
            "date": "2024-11-21T04:50:58.427000",
            "db": "NVD",
            "id": "CVE-2019-9097"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa MGate Vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014921"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1189"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0531

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2). plural Moxa MGate A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MGate MB3170, etc. are all products of Moxa Company in Taiwan, China. Moxa MGate MB3170 is a MB3170 series Ethernet gateway product. Moxa MGate MB3270 is a MB3270 series Ethernet gateway product. Moxa MGate MB3280 is a MB3280 series Ethernet gateway product. An attacker can use this vulnerability to cause a denial of service or execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0531",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.2"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mgate mb3170",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3180",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.1"
          },
          {
            "model": "mgate mb3270",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3280",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3480",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.3"
          },
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.2"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9099"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9099",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9099",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014930",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-18359",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9099",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9099",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014930",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9099",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-9099",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014930",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-18359",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1215",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-9099",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9099"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9099"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9099"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2). plural Moxa MGate A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MGate MB3170, etc. are all products of Moxa Company in Taiwan, China. Moxa MGate MB3170 is a MB3170 series Ethernet gateway product. Moxa MGate MB3270 is a MB3270 series Ethernet gateway product. Moxa MGate MB3280 is a MB3280 series Ethernet gateway product. An attacker can use this vulnerability to cause a denial of service or execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9099"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9099"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-056-01",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9099",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0720",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1215",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9099",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9099"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9099"
          }
        ]
      },
      "id": "VAR-202003-0531",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          }
        ],
        "trust": 1.35657895
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:03.777000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "title": "Patch for Multiple Moxa product buffer overflow vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209783"
          },
          {
            "title": "Multiple Moxa Product Buffer Error Vulnerability Fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111714"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9099"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
          },
          {
            "trust": 1.7,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9099"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9099"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/120.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9099"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9099"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9099"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9099"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          },
          {
            "date": "2020-03-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9099"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          },
          {
            "date": "2020-03-11T15:15:16.903000",
            "db": "NVD",
            "id": "CVE-2019-9099"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18359"
          },
          {
            "date": "2020-03-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9099"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          },
          {
            "date": "2024-11-21T04:50:58.753000",
            "db": "NVD",
            "id": "CVE-2019-9099"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa MGate Classic buffer overflow vulnerability in device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014930"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1215"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0528

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords. plural Moxa MGate The device is vulnerable to a weak password request.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.

    Many Moxa products have weak password vulnerabilities. Attackers can use this vulnerability to gain access through brute force attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0528",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.2"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mgate mb3170",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3180",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.1"
          },
          {
            "model": "mgate mb3270",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3280",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3480",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.3"
          },
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.2"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9096"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9096",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9096",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014920",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-18366",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9096",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9096",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014920",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9096",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-9096",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014920",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-18366",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1195",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9096"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9096"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords. plural Moxa MGate The device is vulnerable to a weak password request.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have weak password vulnerabilities. Attackers can use this vulnerability to gain access through brute force attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-056-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9096",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0720",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1195",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9096"
          }
        ]
      },
      "id": "VAR-202003-0528",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          }
        ],
        "trust": 1.35657895
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:03.750000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "title": "Patch for Multiple Moxa products weak password vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209845"
          },
          {
            "title": "Multiple Moxa Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111708"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-521",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9096"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
          },
          {
            "trust": 1.6,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9096"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9096"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9096"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9096"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          },
          {
            "date": "2020-03-11T15:15:16.577000",
            "db": "NVD",
            "id": "CVE-2019-9096"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18366"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          },
          {
            "date": "2024-11-21T04:50:58.280000",
            "db": "NVD",
            "id": "CVE-2019-9096"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa MGate Vulnerability in requesting weak passwords on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014920"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1195"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0535

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.

    Many Moxa products have information disclosure vulnerabilities that attackers can use to access administrative accounts

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0535",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.2"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mgate mb3170",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3180",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.1"
          },
          {
            "model": "mgate mb3270",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3280",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3480",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.3"
          },
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.2"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9104"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9104",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9104",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014863",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-18360",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9104",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9104",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014863",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9104",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-9104",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014863",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-18360",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1193",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-9104",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9104"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9104"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9104"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application\u0027s configuration file contains parameters that represent passwords in cleartext. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have information disclosure vulnerabilities that attackers can use to access administrative accounts",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9104"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9104"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-056-01",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9104",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0720",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1193",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9104",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9104"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9104"
          }
        ]
      },
      "id": "VAR-202003-0535",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          }
        ],
        "trust": 1.35657895
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:03.720000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "title": "Patch for Multiple Moxa product information disclosure vulnerabilities (CNVD-2020-18360)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209847"
          },
          {
            "title": "Multiple Moxa Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111951"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-312",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9104"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
          },
          {
            "trust": 1.7,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9104"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9104"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/312.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/522.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9104"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9104"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9104"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9104"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          },
          {
            "date": "2020-03-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9104"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          },
          {
            "date": "2020-03-11T15:15:17.247000",
            "db": "NVD",
            "id": "CVE-2019-9104"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18360"
          },
          {
            "date": "2021-07-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9104"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          },
          {
            "date": "2024-11-21T04:50:59.400000",
            "db": "NVD",
            "id": "CVE-2019-9104"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa MGate Inadequate protection of credentials on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014863"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1193"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0527

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.

    Many Moxa products have weak encryption algorithm vulnerabilities that attackers can use to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0527",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.2"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mgate mb3170",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3180",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.1"
          },
          {
            "model": "mgate mb3270",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3280",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3480",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.3"
          },
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.2"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9095"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9095",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9095",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014864",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-18363",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9095",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "cve@mitre.org",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2019-9095",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014864",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9095",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-9095",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014864",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-18363",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1202",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-9095",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9095"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9095"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have weak encryption algorithm vulnerabilities that attackers can use to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9095"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-056-01",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9095",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0720",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1202",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9095",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9095"
          }
        ]
      },
      "id": "VAR-202003-0527",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          }
        ],
        "trust": 1.35657895
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:03.689000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "title": "Patch for Multiple Moxa products weak encryption algorithm vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209827"
          },
          {
            "title": "Multiple Moxa Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111711"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-327",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-522",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9095"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
          },
          {
            "trust": 1.7,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9095"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9095"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/327.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9095"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-9095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9095"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          },
          {
            "date": "2020-03-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9095"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          },
          {
            "date": "2020-03-11T15:15:16.467000",
            "db": "NVD",
            "id": "CVE-2019-9095"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18363"
          },
          {
            "date": "2021-07-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-9095"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          },
          {
            "date": "2024-11-21T04:50:58.117000",
            "db": "NVD",
            "id": "CVE-2019-9095"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa MGate Inadequate protection of credentials on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014864"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1202"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0532

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. plural Moxa MGate The device contains a vulnerability in the transmission of important information in clear text.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0532",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.2"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mgate mb3170",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3180",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.1"
          },
          {
            "model": "mgate mb3270",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3280",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3480",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.3"
          },
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.2"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9101"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9101",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9101",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014860",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-18365",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9101",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-9101",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014860",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9101",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-9101",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014860",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-18365",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1197",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9101"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9101"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. plural Moxa MGate The device contains a vulnerability in the transmission of important information in clear text.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9101"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-056-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9101",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0720",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1197",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9101"
          }
        ]
      },
      "id": "VAR-202003-0532",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          }
        ],
        "trust": 1.35657895
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:03.661000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "title": "Patch for Multiple Moxa product plaintext transmission vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209839"
          },
          {
            "title": "Multiple Moxa Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111952"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9101"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
          },
          {
            "trust": 1.6,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9101"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9101"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9101"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9101"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          },
          {
            "date": "2020-03-11T15:15:16.980000",
            "db": "NVD",
            "id": "CVE-2019-9101"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18365"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          },
          {
            "date": "2020-05-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          },
          {
            "date": "2024-11-21T04:50:58.910000",
            "db": "NVD",
            "id": "CVE-2019-9101"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa MGate Vulnerability in plaintext transmission of critical information on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014860"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1197"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0534

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. plural Moxa MGate The device contains a vulnerability related to information leakage.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd.

    Many Moxa products have information disclosure vulnerabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0534",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.2"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mgate mb3170",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3180",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.1"
          },
          {
            "model": "mgate mb3270",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3280",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3480",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.3"
          },
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.2"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9103"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9103",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9103",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014862",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-18364",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9103",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9103",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014862",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9103",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-9103",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014862",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-18364",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1200",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9103"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9103"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. plural Moxa MGate The device contains a vulnerability related to information leakage.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. \n\r\n\r\nMany Moxa products have information disclosure vulnerabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9103"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9103",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-056-01",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0720",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1200",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9103"
          }
        ]
      },
      "id": "VAR-202003-0534",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          }
        ],
        "trust": 1.35657895
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:03.633000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "title": "Patch for Multiple Moxa product information disclosure vulnerabilities (CNVD-2020-18364)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209835"
          },
          {
            "title": "Multiple Moxa Product information disclosure vulnerability repair measures",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111953"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9103"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
          },
          {
            "trust": 1.6,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9103"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9103"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9103"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9103"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          },
          {
            "date": "2020-03-11T15:15:17.153000",
            "db": "NVD",
            "id": "CVE-2019-9103"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18364"
          },
          {
            "date": "2020-03-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          },
          {
            "date": "2020-03-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          },
          {
            "date": "2024-11-21T04:50:59.243000",
            "db": "NVD",
            "id": "CVE-2019-9103"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa MGate Information leakage vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014862"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1200"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202003-0530

    Vulnerability from variot - Updated: 2024-11-23 21:36

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. plural Moxa MGate The device is vulnerable to integer overflow.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0530",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "4.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "2.2"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "3.0"
          },
          {
            "model": "mgate mb3170",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3180",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.1"
          },
          {
            "model": "mgate mb3270",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "4.1"
          },
          {
            "model": "mgate mb3280",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3480",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "3.1"
          },
          {
            "model": "mgate mb3660",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "2.3"
          },
          {
            "model": "mb3180",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.0"
          },
          {
            "model": "mb3280",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3480",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=3.0"
          },
          {
            "model": "mb3660",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=2.2"
          },
          {
            "model": "mb3170",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          },
          {
            "model": "mb3270",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "\u003c=4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9098"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3170_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3180_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3270_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3280_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:moxa:mgate_mb3480_router_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:mb3660_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Karpov and Evgeniy Druzhinin from Rostelecom-Solar, and Maxim Kozhevnikov from Positive Technologies",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-9098",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-9098",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014922",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-18367",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9098",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cve@mitre.org",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-9098",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014922",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-9098",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2019-9098",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014922",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-18367",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1210",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9098"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9098"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. plural Moxa MGate The device is vulnerable to integer overflow.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9098"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-20-056-01",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9098",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0720",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1210",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9098"
          }
        ]
      },
      "id": "VAR-202003-0530",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          }
        ],
        "trust": 1.35657895
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:36:03.605000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MB3170/MB3180/MB3270/MB3280/MB3480/MB3660 Series Protocol Gateways Vulnerabilities",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "title": "Patch for Multiple Moxa product integer overflow vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/209795"
          },
          {
            "title": "Multiple Moxa Product input verification error vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112471"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-190",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9098"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-01"
          },
          {
            "trust": 1.6,
            "url": "https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9098"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9098"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0720/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9098"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9098"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          },
          {
            "date": "2020-03-11T15:15:16.827000",
            "db": "NVD",
            "id": "CVE-2019-9098"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-18367"
          },
          {
            "date": "2020-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          },
          {
            "date": "2020-03-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          },
          {
            "date": "2024-11-21T04:50:58.600000",
            "db": "NVD",
            "id": "CVE-2019-9098"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa MGate Integer overflow vulnerability in device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014922"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1210"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-1689

    Vulnerability from variot - Updated: 2022-05-04 10:03

    MOXA MGate is a serial communication server produced by Taiwan moxa Technology Co., Ltd.

    The moxa mb3180 / mb3280 / mb3480 series serial communication server has an unauthorized access vulnerability. An attacker can use this vulnerability to reset the system IP, password, and restart the system.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1689",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "mb3180",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "mb3280",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "mb3480",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-04864",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2020-04864",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MOXA MGate is a serial communication server produced by Taiwan moxa Technology Co., Ltd.\n\r\n\r\nThe moxa mb3180 / mb3280 / mb3480 series serial communication server has an unauthorized access vulnerability. An attacker can use this vulnerability to reset the system IP, password, and restart the system.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ]
      },
      "id": "VAR-202002-1689",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ],
        "trust": 1.3631579
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ]
      },
      "last_update_date": "2022-05-04T10:03:38.945000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "MOXA MB3180 / MB3280 / MB3480 series serial communication server has unauthorized access vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/195257"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa mb3180 / mb3280 / mb3480 series serial communication server has unauthorized access vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-04864"
          }
        ],
        "trust": 0.6
      }
    }