CVE-2017-16727
CRITICALMoxa NPort W2150A <1.11, Moxa NPort W2250A <1.11 - Info Disclosure
Title source: llmDescription
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
References (2)
Core 2
Core References
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102254
Scores
CVSS v3
9.1
EPSS
0.0151
EPSS Percentile
71.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-255
CWE-521
Status
published
Products (3)
moxa/nport_w2150a_firmware
< 1.11
moxa/nport_w2250a_firmware
< 1.11
n/a/Moxa NPort W2150A and W2250A
Moxa NPort W2150A and W2250A
Published
Dec 22, 2017
Tracked Since
Feb 18, 2026