An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-056-01 | Third Party Advisory US Government Resource |
https://www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Information
Published : 2020-03-11 08:15
Updated : 2021-07-21 04:39
NVD link : CVE-2019-9102
Mitre link : CVE-2019-9102
JSON object : View
CWE
CWE-330
Use of Insufficiently Random Values
Products Affected
moxa
- mb3180_firmware
- mb3280_firmware
- mb3180
- mb3280
- mb3480
- mb3270_firmware
- mb3170_firmware
- mb3170
- mb3660
- mb3480_firmware
- mb3270
- mb3660_firmware