An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before…
mitre·CWE-330·Published 2020-03-11
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
Se detectó un problema en los dispositivos Moxa MGate MB3170 y MB3270 versiones anteriores a la versión 4.1, en los dispositivos MB3280 y MB3480 versiones anteriores a la versión 3.1, en los dispositivos MB3660 versiones anteriores a la versión 2.3 y en los dispositivos MB3180 versiones anteriores a la versión 2.1. Un mecanismo predecible de generación de tokens permite a atacantes remotos omitir el mecanismo de protección de ataques de tipo cross-site request forgery (CSRF).
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| 3.0 | Primary | cve.org | 6.5 | — | — | CVSS:3.0/AC:L/AV:N/A:L/C:N/I:L/PR:N/S:U/UI:N |
| 3.0 | Primary | cve.org | 6.5 | — | — | CVSS:3.0/AC:L/AV:N/A:L/C:N/I:L/PR:N/S:U/UI:N |
| 3.0 | Secondary | NVD | 6.5 | 3.9 | 2.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
| 3.1 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |