CVE-2019-9096
First published: Wed Mar 11 2020(Updated: )
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Mgate MB3170 Firmware | <=4.0 | |
| Moxa MGate MB3170 | ||
| Moxa Mgate Mb3270 Firmware | <=4.0 | |
| Moxa Mgate MB3270 | ||
| Moxa Mgate MB3180 Firmware | <=2.0 | |
| Moxa MGate MB3180 Series | ||
| Moxa Mgate Mb3280 Firmware | <=3.0 | |
| Moxa Mgate Mb3280 | ||
| Moxa Mgate Mb3480 Firmware | <=3.0 | |
| Moxa MGate MB3480 Series | ||
| Moxa Mb3660 Firmware | <=2.2 | |
| Moxa Mb3660 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-9096?
CVE-2019-9096 is rated as a medium severity vulnerability due to insufficient password requirements on Moxa MGate devices.
How do I fix CVE-2019-9096?
To fix CVE-2019-9096, update the affected Moxa MGate devices to the latest firmware version that provides improved password policies.
Which Moxa devices are affected by CVE-2019-9096?
CVE-2019-9096 affects Moxa MGate MB3170, MB3270, MB3180, MB3280, MB3480, and MB3660 devices with specific firmware versions prior to the updates.
Can CVE-2019-9096 be exploited remotely?
Yes, CVE-2019-9096 can potentially be exploited remotely by an attacker who performs a brute-force attack on the MGate web application.
What are the potential impacts of CVE-2019-9096?
The potential impacts of CVE-2019-9096 include unauthorized access to the MGate web application, which could lead to further exploitation of the device.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/moxa
- canonical/moxa mgate mb3170 firmware
- version/moxa mgate mb3170 firmware/4.0
- canonical/moxa mgate mb3170
- canonical/moxa mgate mb3270 firmware
- version/moxa mgate mb3270 firmware/4.0
- canonical/moxa mgate mb3270
- canonical/moxa mgate mb3180 firmware
- version/moxa mgate mb3180 firmware/2.0
- canonical/moxa mgate mb3180 series
- canonical/moxa mgate mb3280 firmware
- version/moxa mgate mb3280 firmware/3.0
- canonical/moxa mgate mb3280
- canonical/moxa mgate mb3480 firmware
- version/moxa mgate mb3480 firmware/3.0
- canonical/moxa mgate mb3480 series
- canonical/moxa mb3660 firmware
- version/moxa mb3660 firmware/2.2