CVE-2021-4161

ICSA-21-357-01 Moxa MGate Protocol Gateways

CVSS 9.8 CRITICALEPSS 0.7%CWE-319

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.8EPSS 0.7%KEV nãoPoC —Patch —

Lifecycle

27 Dec 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Moxa · MGate MB3180 Series Moxa · MGate MB3280 Series Moxa · MGate MB3480 Series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01