Sign-up

ID

VAR-201805-0122


CVE

CVE-2017-12123


TITLE

Moxa EDR-810 Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-013428

DESCRIPTION

An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. Moxa EDR-810 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa. The vulnerability is caused by the program transmitting passwords in plain text

Trust: 2.25

sources: NVD: CVE-2017-12123 // JVNDB: JVNDB-2017-013428 // CNVD: CNVD-2018-11720 // VULHUB: VHN-102614

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11720

AFFECTED PRODUCTS

vendor:moxamodel:edr-810scope:eqversion:4.1

Trust: 1.6

vendor:moxamodel:edr-810 seriesscope:eqversion:4.1 build 17030317

Trust: 0.8

vendor:moxamodel:edr-810 buildscope:eqversion:v4.117030317

Trust: 0.6

sources: CNVD: CNVD-2018-11720 // JVNDB: JVNDB-2017-013428 // CNNVD: CNNVD-201707-1630 // NVD: CVE-2017-12123

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12123
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12123
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12123
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11720
value: LOW

Trust: 0.6

CNNVD: CNNVD-201707-1630
value: HIGH

Trust: 0.6

VULHUB: VHN-102614
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-12123
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11720
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102614
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12123
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12123
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2017-12123
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-11720 // VULHUB: VHN-102614 // JVNDB: JVNDB-2017-013428 // CNNVD: CNNVD-201707-1630 // NVD: CVE-2017-12123 // NVD: CVE-2017-12123

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-102614 // JVNDB: JVNDB-2017-013428 // NVD: CVE-2017-12123

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201707-1630

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201707-1630

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013428

PATCH
title:EDR-810 Seriesurl:https://www.moxa.com/product/EDR-810.htm
Trust: 0.8
title:MoxaEDR-810 password plaintext transmission vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/132221
Trust: 0.6
title:Moxa EDR-810 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99949
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-11720 // 
            
            
            
            JVNDB: JVNDB-2017-013428 // 
            
            
            
            CNNVD: CNNVD-201707-1630

EXTERNAL IDS
db:NVDid:CVE-2017-12123
Trust: 3.1
db:TALOSid:TALOS-2017-0475
Trust: 3.1
db:JVNDBid:JVNDB-2017-013428
Trust: 0.8
db:CNNVDid:CNNVD-201707-1630
Trust: 0.7
db:CNVDid:CNVD-2018-11720
Trust: 0.6
db:SEEBUGid:SSVID-97223
Trust: 0.1
db:VULHUBid:VHN-102614
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-11720 // 
            
            
            
            VULHUB: VHN-102614 // 
            
            
            
            JVNDB: JVNDB-2017-013428 // 
            
            
            
            CNNVD: CNNVD-201707-1630 // 
            
            
            
            NVD: CVE-2017-12123

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0475
Trust: 3.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12123
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12123
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0475
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-11720 // 
            
            
            
            VULHUB: VHN-102614 // 
            
            
            
            JVNDB: JVNDB-2017-013428 // 
            
            
            
            CNNVD: CNNVD-201707-1630 // 
            
            
            
            NVD: CVE-2017-12123

SOURCES
db:CNVDid:CNVD-2018-11720
db:VULHUBid:VHN-102614
db:JVNDBid:JVNDB-2017-013428
db:CNNVDid:CNNVD-201707-1630
db:NVDid:CVE-2017-12123

LAST UPDATE DATE
2024-11-23T21:38:58.763000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-11720date:2018-06-20T00:00:00
db:VULHUBid:VHN-102614date:2022-12-09T00:00:00
db:JVNDBid:JVNDB-2017-013428date:2018-07-06T00:00:00
db:CNNVDid:CNNVD-201707-1630date:2022-04-20T00:00:00
db:NVDid:CVE-2017-12123date:2024-11-21T03:08:52.570

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-11720date:2018-06-20T00:00:00
db:VULHUBid:VHN-102614date:2018-05-14T00:00:00
db:JVNDBid:JVNDB-2017-013428date:2018-07-06T00:00:00
db:CNNVDid:CNNVD-201707-1630date:2017-07-31T00:00:00
db:NVDid:CVE-2017-12123date:2018-05-14T20:29:00.313