ID
VAR-201712-0120
CVE
CVE-2017-16727
TITLE
Moxa NPort W2150A and W2250A Unauthorized Access Vulnerability
Trust: 0.8
sources:
IVD: e2e0b980-39ab-11e9-8759-000c29342cb1 //
CNVD: CNVD-2017-38102
DESCRIPTION
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. Moxa NPort W2150A and NPort W2250A Contains vulnerabilities related to certificate and password management.Information may be obtained and information may be altered. Moxa's NPortW2150A and NPortW2250A are both serial communication servers used by Moxa to connect industrial serial devices to the network. This may lead to further attacks
Trust: 2.61
sources:
NVD: CVE-2017-16727 //
JVNDB: JVNDB-2017-011707 //
CNVD: CNVD-2017-38102 //
BID: 102254 //
IVD: e2e0b980-39ab-11e9-8759-000c29342cb1
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
sources:
IVD: e2e0b980-39ab-11e9-8759-000c29342cb1 //
CNVD: CNVD-2017-38102
AFFECTED PRODUCTS
| vendor: | moxa | model: | nport w2150a | scope: | lt | version: | 1.11 | Trust: 2.4 |
| vendor: | moxa | model: | nport w2250a | scope: | lt | version: | 1.11 | Trust: 2.4 |
| vendor: | moxa | model: | nport w2250a | scope: | eq | version: | 1.10 | Trust: 0.3 |
| vendor: | moxa | model: | nport w2150a | scope: | eq | version: | 1.10 | Trust: 0.3 |
| vendor: | moxa | model: | nport w2250a | scope: | ne | version: | 1.11 | Trust: 0.3 |
| vendor: | moxa | model: | nport w2150a | scope: | ne | version: | 1.11 | Trust: 0.3 |
| vendor: | nport w2150a | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | nport w2250a | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: e2e0b980-39ab-11e9-8759-000c29342cb1 //
CNVD: CNVD-2017-38102 //
BID: 102254 //
JVNDB: JVNDB-2017-011707 //
NVD: CVE-2017-16727
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: e2e0b980-39ab-11e9-8759-000c29342cb1 //
CNVD: CNVD-2017-38102 //
JVNDB: JVNDB-2017-011707 //
CNNVD: CNNVD-201712-869 //
NVD: CVE-2017-16727
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.8 |
| problemtype: | CWE-521 | Trust: 1.0 |
sources:
JVNDB: JVNDB-2017-011707 //
NVD: CVE-2017-16727
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201712-869
TYPE
trust management problem
Trust: 0.6
sources:
CNNVD: CNNVD-201712-869
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-011707
PATCH
| title: | Firmware for NPort W2x50A Series | url: | https://www.moxa.com/support/download.aspx?type=support&id=14781 | Trust: 0.8 |
| title: | MoxaNPortW2150AandW2250A Unauthorized Access Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/111725 | Trust: 0.6 |
| title: | Moxa NPort W2150A and NPort W2250A Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77318 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-38102 //
JVNDB: JVNDB-2017-011707 //
CNNVD: CNNVD-201712-869
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-16727 | Trust: 3.5 |
| db: | ICS CERT | id: | ICSA-17-355-01 | Trust: 2.7 |
| db: | BID | id: | 102254 | Trust: 2.5 |
| db: | CNVD | id: | CNVD-2017-38102 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201712-869 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2017-011707 | Trust: 0.8 |
| db: | IVD | id: | E2E0B980-39AB-11E9-8759-000C29342CB1 | Trust: 0.2 |
sources:
IVD: e2e0b980-39ab-11e9-8759-000c29342cb1 //
CNVD: CNVD-2017-38102 //
BID: 102254 //
JVNDB: JVNDB-2017-011707 //
CNNVD: CNNVD-201712-869 //
NVD: CVE-2017-16727
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-17-355-01 | Trust: 2.7 |
| url: | http://www.securityfocus.com/bid/102254 | Trust: 2.2 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16727 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-16727 | Trust: 0.8 |
| url: | https://www.moxa.com/ | Trust: 0.3 |
sources:
CNVD: CNVD-2017-38102 //
BID: 102254 //
JVNDB: JVNDB-2017-011707 //
CNNVD: CNNVD-201712-869 //
NVD: CVE-2017-16727
CREDITS
Federico Maggi
Trust: 0.3
sources:
BID: 102254
SOURCES
| db: | IVD | id: | e2e0b980-39ab-11e9-8759-000c29342cb1 |
| db: | CNVD | id: | CNVD-2017-38102 |
| db: | BID | id: | 102254 |
| db: | JVNDB | id: | JVNDB-2017-011707 |
| db: | CNNVD | id: | CNNVD-201712-869 |
| db: | NVD | id: | CVE-2017-16727 |
LAST UPDATE DATE
2025-04-20T23:42:03.951000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-38102 | date: | 2017-12-26T00:00:00 |
| db: | BID | id: | 102254 | date: | 2017-12-21T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-011707 | date: | 2018-01-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201712-869 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2017-16727 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | IVD | id: | e2e0b980-39ab-11e9-8759-000c29342cb1 | date: | 2017-12-26T00:00:00 |
| db: | CNVD | id: | CNVD-2017-38102 | date: | 2017-12-26T00:00:00 |
| db: | BID | id: | 102254 | date: | 2017-12-21T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-011707 | date: | 2018-01-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-201712-869 | date: | 2017-12-25T00:00:00 |
| db: | NVD | id: | CVE-2017-16727 | date: | 2017-12-22T02:29:15.027 |