Sign-up

ID

VAR-201605-0015


CVE

CVE-2016-0876


TITLE

Moxa Secure Router EDR-G903 Vulnerability in obtaining plaintext passwords on devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-002968

DESCRIPTION

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. MoxaEDR-G903 is a set of firewall/VPN security router products from Moxa. There are security vulnerabilities in MoxaEDR-G903V3.4.11 and earlier. A privilege-escalation vulnerability 2. An information-disclosure vulnerability 3. A hard coded credentials authentication bypass vulnerability 4. A denial-of-service vulnerability 5. An arbitrary file download vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or gain elevated privileges on the affected device. Other attacks are also possible. EDR-G903 3.4.11 and and prior are vulnerable

Trust: 2.52

sources: NVD: CVE-2016-0876 // JVNDB: JVNDB-2016-002968 // CNVD: CNVD-2016-03389 // BID: 90716 // VULHUB: VHN-88386

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03389

AFFECTED PRODUCTS

vendor:moxamodel:edr-g903scope:ltversion:3.4.12

Trust: 1.0

vendor:moxamodel:edr-g903scope: - version: -

Trust: 0.8

vendor:moxamodel:edr-g903 seriesscope:ltversion:3.4.12

Trust: 0.8

vendor:moxamodel:edr-g903scope:gteversion:3.4.11

Trust: 0.6

vendor:moxamodel:edr-g903scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2016-03389 // JVNDB: JVNDB-2016-002968 // CNNVD: CNNVD-201605-431 // NVD: CVE-2016-0876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0876
value: HIGH

Trust: 1.0

NVD: CVE-2016-0876
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-03389
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201605-431
value: HIGH

Trust: 0.6

VULHUB: VHN-88386
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-0876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03389
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-88386
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0876
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-0876
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-03389 // VULHUB: VHN-88386 // JVNDB: JVNDB-2016-002968 // CNNVD: CNNVD-201605-431 // NVD: CVE-2016-0876

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-88386 // JVNDB: JVNDB-2016-002968 // NVD: CVE-2016-0876

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-431

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201605-431

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002968

PATCH
title:EDR-G903 シリーズurl:http://japan.moxa.com/product/EDR-G903.htm
Trust: 0.8
title:MoxaEDR-G903 Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/76245
Trust: 0.6
title:Moxa EDR-G903 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61746
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03389 // 
            
            
            
            JVNDB: JVNDB-2016-002968 // 
            
            
            
            CNNVD: CNNVD-201605-431

EXTERNAL IDS
db:NVDid:CVE-2016-0876
Trust: 3.4
db:ICS CERTid:ICSA-16-042-01
Trust: 3.1
db:JVNDBid:JVNDB-2016-002968
Trust: 0.8
db:CNNVDid:CNNVD-201605-431
Trust: 0.7
db:CNVDid:CNVD-2016-03389
Trust: 0.6
db:BIDid:90716
Trust: 0.3
db:VULHUBid:VHN-88386
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-03389 // 
            
            
            
            VULHUB: VHN-88386 // 
            
            
            
            BID: 90716 // 
            
            
            
            JVNDB: JVNDB-2016-002968 // 
            
            
            
            CNNVD: CNNVD-201605-431 // 
            
            
            
            NVD: CVE-2016-0876

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-042-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0876
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0876
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-03389 // 
            
            
            
            VULHUB: VHN-88386 // 
            
            
            
            JVNDB: JVNDB-2016-002968 // 
            
            
            
            CNNVD: CNNVD-201605-431 // 
            
            
            
            NVD: CVE-2016-0876

CREDITS
Maxim Rupp
Trust: 0.9
sources:
            
            
            BID: 90716 // 
            
            
            
            CNNVD: CNNVD-201605-431

SOURCES
db:CNVDid:CNVD-2016-03389
db:VULHUBid:VHN-88386
db:BIDid:90716
db:JVNDBid:JVNDB-2016-002968
db:CNNVDid:CNNVD-201605-431
db:NVDid:CVE-2016-0876

LAST UPDATE DATE
2024-08-14T13:57:18.491000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-03389date:2016-05-23T00:00:00
db:VULHUBid:VHN-88386date:2016-06-01T00:00:00
db:BIDid:90716date:2016-07-06T14:43:00
db:JVNDBid:JVNDB-2016-002968date:2016-06-02T00:00:00
db:CNNVDid:CNNVD-201605-431date:2022-04-13T00:00:00
db:NVDid:CVE-2016-0876date:2022-04-12T18:04:32.380

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-03389date:2016-05-23T00:00:00
db:VULHUBid:VHN-88386date:2016-05-31T00:00:00
db:BIDid:90716date:2016-05-17T00:00:00
db:JVNDBid:JVNDB-2016-002968date:2016-06-02T00:00:00
db:CNNVDid:CNNVD-201605-431date:2016-05-18T00:00:00
db:NVDid:CVE-2016-0876date:2016-05-31T01:59:01.100