Sign-up

ID

VAR-201605-0018


CVE

CVE-2016-0879


TITLE

Moxa Secure Router EDR-G903 Vulnerabilities that capture important information on devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-002969

DESCRIPTION

Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. MoxaEDR-G903 is a set of firewall/VPN security router products from Moxa. There are security vulnerabilities in MoxaEDR-G903V3.4.11 and earlier. A privilege-escalation vulnerability 2. An information-disclosure vulnerability 3. A hard coded credentials authentication bypass vulnerability 4. A denial-of-service vulnerability 5. An arbitrary file download vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or gain elevated privileges on the affected device. Other attacks are also possible. EDR-G903 3.4.11 and and prior are vulnerable

Trust: 2.52

sources: NVD: CVE-2016-0879 // JVNDB: JVNDB-2016-002969 // CNVD: CNVD-2016-03392 // BID: 90716 // VULHUB: VHN-88389

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03392

AFFECTED PRODUCTS

vendor:moxamodel:edr-g903scope:ltversion:3.4.12

Trust: 1.0

vendor:moxamodel:edr-g903scope: - version: -

Trust: 0.8

vendor:moxamodel:edr-g903 seriesscope:ltversion:3.4.12

Trust: 0.8

vendor:moxamodel:edr-g903scope:gteversion:3.4.11

Trust: 0.6

vendor:moxamodel:edr-g903scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2016-03392 // JVNDB: JVNDB-2016-002969 // CNNVD: CNNVD-201605-434 // NVD: CVE-2016-0879

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0879
value: HIGH

Trust: 1.0

NVD: CVE-2016-0879
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-03392
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201605-434
value: HIGH

Trust: 0.6

VULHUB: VHN-88389
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0879
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-03392
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-88389
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0879
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2016-0879
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-03392 // VULHUB: VHN-88389 // JVNDB: JVNDB-2016-002969 // CNNVD: CNNVD-201605-434 // NVD: CVE-2016-0879

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-88389 // JVNDB: JVNDB-2016-002969 // NVD: CVE-2016-0879

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-434

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201605-434

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002969

PATCH
title:EDR-G903 シリーズurl:http://japan.moxa.com/product/EDR-G903.htm
Trust: 0.8
title:MoxaEDR-G903 is not authorized to patch vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/76247
Trust: 0.6
title:Moxa EDR-G903 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61749
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-03392 // 
            
            
            
            JVNDB: JVNDB-2016-002969 // 
            
            
            
            CNNVD: CNNVD-201605-434

EXTERNAL IDS
db:NVDid:CVE-2016-0879
Trust: 3.4
db:ICS CERTid:ICSA-16-042-01
Trust: 3.1
db:JVNDBid:JVNDB-2016-002969
Trust: 0.8
db:CNNVDid:CNNVD-201605-434
Trust: 0.7
db:CNVDid:CNVD-2016-03392
Trust: 0.6
db:BIDid:90716
Trust: 0.3
db:VULHUBid:VHN-88389
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-03392 // 
            
            
            
            VULHUB: VHN-88389 // 
            
            
            
            BID: 90716 // 
            
            
            
            JVNDB: JVNDB-2016-002969 // 
            
            
            
            CNNVD: CNNVD-201605-434 // 
            
            
            
            NVD: CVE-2016-0879

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-042-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0879
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0879
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-03392 // 
            
            
            
            VULHUB: VHN-88389 // 
            
            
            
            JVNDB: JVNDB-2016-002969 // 
            
            
            
            CNNVD: CNNVD-201605-434 // 
            
            
            
            NVD: CVE-2016-0879

CREDITS
Maxim Rupp
Trust: 0.9
sources:
            
            
            BID: 90716 // 
            
            
            
            CNNVD: CNNVD-201605-434

SOURCES
db:CNVDid:CNVD-2016-03392
db:VULHUBid:VHN-88389
db:BIDid:90716
db:JVNDBid:JVNDB-2016-002969
db:CNNVDid:CNNVD-201605-434
db:NVDid:CVE-2016-0879

LAST UPDATE DATE
2024-08-14T13:57:18.453000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-03392date:2016-05-23T00:00:00
db:VULHUBid:VHN-88389date:2016-06-02T00:00:00
db:BIDid:90716date:2016-07-06T14:43:00
db:JVNDBid:JVNDB-2016-002969date:2016-06-02T00:00:00
db:CNNVDid:CNNVD-201605-434date:2022-04-13T00:00:00
db:NVDid:CVE-2016-0879date:2022-04-12T18:05:17.810

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-03392date:2016-05-23T00:00:00
db:VULHUBid:VHN-88389date:2016-05-31T00:00:00
db:BIDid:90716date:2016-05-17T00:00:00
db:JVNDBid:JVNDB-2016-002969date:2016-06-02T00:00:00
db:CNNVDid:CNNVD-201605-434date:2016-05-18T00:00:00
db:NVDid:CVE-2016-0879date:2016-05-31T01:59:04.053