CVE-2017-16727
First published: Fri Dec 22 2017(Updated: )
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa NPort W2150A/W2250A Series | <1.11 | |
| Moxa NPort W2150A/W2250A Series | ||
| Moxa Nport W2x50a Firmware | <1.11 | |
| Moxa NPort W2150A/W2250A Series |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-16727?
CVE-2017-16727 is considered to be of high severity due to the risk of unauthorized access to the device.
How do I fix CVE-2017-16727?
To fix CVE-2017-16727, upgrade the firmware of Moxa NPort W2150A and W2250A to version 1.11 or later.
What devices are affected by CVE-2017-16727?
CVE-2017-16727 affects Moxa NPort W2150A versions prior to 1.11 and NPort W2250A versions prior to 1.11.
What is the default password issue with CVE-2017-16727?
The default password for devices affected by CVE-2017-16727 is empty, allowing unauthorized users to access the device.
What can an attacker gain by exploiting CVE-2017-16727?
An attacker exploiting CVE-2017-16727 can fully compromise the device due to unauthorized access.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/moxa
- canonical/moxa nport w2150a/w2250a series
- canonical/moxa nport w2x50a firmware