Sign-up

ID

VAR-201605-0014


CVE

CVE-2016-0875


TITLE

Moxa Secure Router EDR-G903 Device configuration and log file read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-002951

DESCRIPTION

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. MoxaEDR-G903 is a secure router product that integrates firewall/VPN. Moxa EDR-G903 Router is prone to the following security vulnerabilities: 1. A privilege-escalation vulnerability 2. An information-disclosure vulnerability 3. A hard coded credentials authentication bypass vulnerability 4. A denial-of-service vulnerability 5. An arbitrary file download vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or gain elevated privileges on the affected device. Other attacks are also possible. EDR-G903 3.4.11 and and prior are vulnerable

Trust: 2.52

sources: NVD: CVE-2016-0875 // JVNDB: JVNDB-2016-002951 // CNVD: CNVD-2016-03388 // BID: 90716 // VULHUB: VHN-88385

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03388

AFFECTED PRODUCTS

vendor:moxamodel:edr-g903scope:ltversion:3.4.12

Trust: 1.0

vendor:moxamodel:edr-g903scope: - version: -

Trust: 0.8

vendor:moxamodel:edr-g903 seriesscope:ltversion:3.4.12

Trust: 0.8

vendor:moxamodel:edr-g903scope:gteversion:3.4.11

Trust: 0.6

vendor:moxamodel:edr-g903scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2016-03388 // JVNDB: JVNDB-2016-002951 // CNNVD: CNNVD-201605-430 // NVD: CVE-2016-0875

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0875
value: HIGH

Trust: 1.0

NVD: CVE-2016-0875
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-03388
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201605-430
value: HIGH

Trust: 0.6

VULHUB: VHN-88385
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-0875
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03388
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-88385
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0875
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-0875
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-03388 // VULHUB: VHN-88385 // JVNDB: JVNDB-2016-002951 // CNNVD: CNNVD-201605-430 // NVD: CVE-2016-0875

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-88385 // JVNDB: JVNDB-2016-002951 // NVD: CVE-2016-0875

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-430

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201605-430

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002951

PATCH
title:EDR-G903 シリーズurl:http://japan.moxa.com/product/EDR-G903.htm
Trust: 0.8
title:Patch for MoxaEDR-G903 Information Disclosure Vulnerability (CNVD-2016-03388)url:https://www.cnvd.org.cn/patchInfo/show/76237
Trust: 0.6
title:Moxa EDR-G903 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61745
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03388 // 
            
            
            
            JVNDB: JVNDB-2016-002951 // 
            
            
            
            CNNVD: CNNVD-201605-430

EXTERNAL IDS
db:NVDid:CVE-2016-0875
Trust: 3.4
db:ICS CERTid:ICSA-16-042-01
Trust: 3.1
db:JVNDBid:JVNDB-2016-002951
Trust: 0.8
db:CNNVDid:CNNVD-201605-430
Trust: 0.7
db:CNVDid:CNVD-2016-03388
Trust: 0.6
db:BIDid:90716
Trust: 0.3
db:VULHUBid:VHN-88385
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-03388 // 
            
            
            
            VULHUB: VHN-88385 // 
            
            
            
            BID: 90716 // 
            
            
            
            JVNDB: JVNDB-2016-002951 // 
            
            
            
            CNNVD: CNNVD-201605-430 // 
            
            
            
            NVD: CVE-2016-0875

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-042-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0875
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0875
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-03388 // 
            
            
            
            VULHUB: VHN-88385 // 
            
            
            
            JVNDB: JVNDB-2016-002951 // 
            
            
            
            CNNVD: CNNVD-201605-430 // 
            
            
            
            NVD: CVE-2016-0875

CREDITS
Maxim Rupp
Trust: 0.9
sources:
            
            
            BID: 90716 // 
            
            
            
            CNNVD: CNNVD-201605-430

SOURCES
db:CNVDid:CNVD-2016-03388
db:VULHUBid:VHN-88385
db:BIDid:90716
db:JVNDBid:JVNDB-2016-002951
db:CNNVDid:CNNVD-201605-430
db:NVDid:CVE-2016-0875

LAST UPDATE DATE
2024-08-14T13:57:18.417000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-03388date:2016-05-23T00:00:00
db:VULHUBid:VHN-88385date:2016-05-31T00:00:00
db:BIDid:90716date:2016-07-06T14:43:00
db:JVNDBid:JVNDB-2016-002951date:2016-06-01T00:00:00
db:CNNVDid:CNNVD-201605-430date:2022-04-13T00:00:00
db:NVDid:CVE-2016-0875date:2022-04-12T18:03:55.520

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-03388date:2016-05-23T00:00:00
db:VULHUBid:VHN-88385date:2016-05-31T00:00:00
db:BIDid:90716date:2016-05-17T00:00:00
db:JVNDBid:JVNDB-2016-002951date:2016-06-01T00:00:00
db:CNNVDid:CNNVD-201605-430date:2016-05-18T00:00:00
db:NVDid:CVE-2016-0875date:2016-05-31T01:59:00.133