CVE-2019-9096

CRITICAL

Moxa MGate - Auth Bypass

Title source: llm

Description

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.

References (2)

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsa-20-056-01

[Vendor Advisory] https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities

Scores

CVSS v3 9.8

EPSS 0.0038

EPSS Percentile 59.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-521

Status published

Products (6)

moxa/mb3170_firmware < 4.0

moxa/mb3180_firmware < 2.0

moxa/mb3270_firmware < 4.0

moxa/mb3280_firmware < 3.0

moxa/mb3480_firmware < 3.0

moxa/mb3660_firmware < 2.2

Published Mar 11, 2020

Tracked Since Feb 18, 2026