CVE-2017-12123 MEDIUM

CVE-2017-12123

Vendor Talos
Product Moxa
Published May 14, 2018
Last update September 16, 2024

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin.

Key dates

02Disclosure timeline

May 14, 2018 CVE published
September 16, 2024 Record updated