Details of VAR-201609-0690

ID

VAR-201609-0690

TITLE

Moss Technology (Shanghai) Co., Ltd. Nport 5110 device has unauthorized access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-06623

DESCRIPTION

The MOXA Nport 5110 is a serial communication server. Mosha Technology (Shanghai) Co., Ltd. Nport 5110 device has a blank password vulnerability, allowing an attacker to use this vulnerability to log in to the system background, gain administrator privileges, and obtain device sensitive information

Trust: 1.08

sources: CNVD: CNVD-2016-06623 // CNVD: CNVD-2016-06622

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2016-06623 // CNVD: CNVD-2016-06622

AFFECTED PRODUCTS

vendor:

mosha

model:

nport

scope:

version:

5110

Trust: 1.2

sources: CNVD: CNVD-2016-06623 // CNVD: CNVD-2016-06622

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-06623
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2016-06622
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2016-06623
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2016-06622
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-06623 // CNVD: CNVD-2016-06622

PATCH

title:	NPort 5110 Firmware 2.6.1 Build 16121317	url:	https://www.cnvd.org.cn/patchinfo/show/86886	Trust: 0.6
title:	NPort 5110 Firmware 2.6	url:	https://www.cnvd.org.cn/patchinfo/show/87504	Trust: 0.6

sources: CNVD: CNVD-2016-06623 // CNVD: CNVD-2016-06622

EXTERNAL IDS

db:	WOOYUN	id:	WOOYUN-2016-0219104	Trust: 1.2
db:	CNVD	id:	CNVD-2016-06623	Trust: 0.6
db:	CNVD	id:	CNVD-2016-06622	Trust: 0.6

sources: CNVD: CNVD-2016-06623 // CNVD: CNVD-2016-06622

REFERENCES

url:

http://www.wooyun.org/bugs/wooyun-2016-0219104

Trust: 1.2

sources: CNVD: CNVD-2016-06623 // CNVD: CNVD-2016-06622

SOURCES

db:	CNVD	id:	CNVD-2016-06623
db:	CNVD	id:	CNVD-2016-06622

LAST UPDATE DATE

2022-05-17T02:01:06.223000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-06623	date:	2016-12-28T00:00:00
db:	CNVD	id:	CNVD-2016-06622	date:	2017-01-05T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-06623	date:	2016-09-14T00:00:00
db:	CNVD	id:	CNVD-2016-06622	date:	2016-09-14T00:00:00