CVE-2016-5804
CRITICALMoxa MGate MB3180 < 1.8, MB3280 < 2.7, MB3480 < 2.6, MB3170 < 2.5, MB3270 < 2.7 - Weak Encryption Authentication Bypass
Title source: llmDescription
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-196-02
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91777
Scores
CVSS v3
9.8
EPSS
0.0018
EPSS Percentile
39.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-326
Status
published
Products (5)
moxa/mgate_mb3170_firmware
< 2.5
moxa/mgate_mb3180_firmware
< 1.8
moxa/mgate_mb3270_firmware
< 2.7
moxa/mgate_mb3280_firmware
< 2.7
moxa/mgate_mb3480_firmware
< 2.6
Published
Jul 15, 2016
Tracked Since
Feb 18, 2026