Sign-up

ID

VAR-201605-0016


CVE

CVE-2016-0877


TITLE

Moxa Secure Router EDR-G903 Service disruption on devices (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002952

DESCRIPTION

Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. MoxaEDR-G903 is a set of firewall/VPN security router products from Moxa. There are security vulnerabilities in MoxaEDR-G903V3.4.11 and earlier. A privilege-escalation vulnerability 2. An information-disclosure vulnerability 3. A hard coded credentials authentication bypass vulnerability 4. A denial-of-service vulnerability 5. An arbitrary file download vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or gain elevated privileges on the affected device. Other attacks are also possible. EDR-G903 3.4.11 and and prior are vulnerable

Trust: 2.61

sources: NVD: CVE-2016-0877 // JVNDB: JVNDB-2016-002952 // CNVD: CNVD-2016-03390 // BID: 90716 // VULHUB: VHN-88387 // VULMON: CVE-2016-0877

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03390

AFFECTED PRODUCTS

vendor:moxamodel:edr-g903scope:ltversion:3.4.12

Trust: 1.0

vendor:moxamodel:edr-g903scope: - version: -

Trust: 0.8

vendor:moxamodel:edr-g903 seriesscope:ltversion:3.4.12

Trust: 0.8

vendor:moxamodel:edr-g903scope:gteversion:3.4.11

Trust: 0.6

vendor:moxamodel:edr-g903scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2016-03390 // JVNDB: JVNDB-2016-002952 // CNNVD: CNNVD-201605-432 // NVD: CVE-2016-0877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0877
value: HIGH

Trust: 1.0

NVD: CVE-2016-0877
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-03390
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201605-432
value: HIGH

Trust: 0.6

VULHUB: VHN-88387
value: HIGH

Trust: 0.1

VULMON: CVE-2016-0877
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0877
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-03390
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-88387
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0877
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-0877
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-03390 // VULHUB: VHN-88387 // VULMON: CVE-2016-0877 // JVNDB: JVNDB-2016-002952 // CNNVD: CNNVD-201605-432 // NVD: CVE-2016-0877

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-88387 // JVNDB: JVNDB-2016-002952 // NVD: CVE-2016-0877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-432

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201605-432

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002952

PATCH
title:EDR-G903 シリーズurl:http://japan.moxa.com/product/EDR-G903.htm
Trust: 0.8
title:MoxaEDR-G903 Memory Leak Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/76250
Trust: 0.6
title:Moxa EDR-G903 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61747
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03390 // 
            
            
            
            JVNDB: JVNDB-2016-002952 // 
            
            
            
            CNNVD: CNNVD-201605-432

EXTERNAL IDS
db:NVDid:CVE-2016-0877
Trust: 3.5
db:ICS CERTid:ICSA-16-042-01
Trust: 3.2
db:JVNDBid:JVNDB-2016-002952
Trust: 0.8
db:CNNVDid:CNNVD-201605-432
Trust: 0.7
db:CNVDid:CNVD-2016-03390
Trust: 0.6
db:BIDid:90716
Trust: 0.3
db:VULHUBid:VHN-88387
Trust: 0.1
db:VULMONid:CVE-2016-0877
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-03390 // 
            
            
            
            VULHUB: VHN-88387 // 
            
            
            
            VULMON: CVE-2016-0877 // 
            
            
            
            BID: 90716 // 
            
            
            
            JVNDB: JVNDB-2016-002952 // 
            
            
            
            CNNVD: CNNVD-201605-432 // 
            
            
            
            NVD: CVE-2016-0877

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-042-01
Trust: 3.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0877
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0877
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/772.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-03390 // 
            
            
            
            VULHUB: VHN-88387 // 
            
            
            
            VULMON: CVE-2016-0877 // 
            
            
            
            JVNDB: JVNDB-2016-002952 // 
            
            
            
            CNNVD: CNNVD-201605-432 // 
            
            
            
            NVD: CVE-2016-0877

CREDITS
Maxim Rupp
Trust: 0.9
sources:
            
            
            BID: 90716 // 
            
            
            
            CNNVD: CNNVD-201605-432

SOURCES
db:CNVDid:CNVD-2016-03390
db:VULHUBid:VHN-88387
db:VULMONid:CVE-2016-0877
db:BIDid:90716
db:JVNDBid:JVNDB-2016-002952
db:CNNVDid:CNNVD-201605-432
db:NVDid:CVE-2016-0877

LAST UPDATE DATE
2024-08-14T13:57:18.378000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-03390date:2016-05-23T00:00:00
db:VULHUBid:VHN-88387date:2016-05-31T00:00:00
db:VULMONid:CVE-2016-0877date:2022-04-12T00:00:00
db:BIDid:90716date:2016-07-06T14:43:00
db:JVNDBid:JVNDB-2016-002952date:2016-06-01T00:00:00
db:CNNVDid:CNNVD-201605-432date:2022-04-13T00:00:00
db:NVDid:CVE-2016-0877date:2022-04-12T18:04:50.870

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-03390date:2016-05-23T00:00:00
db:VULHUBid:VHN-88387date:2016-05-31T00:00:00
db:VULMONid:CVE-2016-0877date:2016-05-31T00:00:00
db:BIDid:90716date:2016-05-17T00:00:00
db:JVNDBid:JVNDB-2016-002952date:2016-06-01T00:00:00
db:CNNVDid:CNNVD-201605-432date:2016-05-18T00:00:00
db:NVDid:CVE-2016-0877date:2016-05-31T01:59:02.133