First published: Wed Aug 16 2023(Updated: )
NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.
Credit: psirt@moxa.com psirt@moxa.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moxa Nport Iaw5000a-i\/o Firmware | <=2.2 | |
Moxa Nport Iaw5000a-i\/o | ||
All of | ||
Moxa Nport Iaw5000a-i\/o Firmware | <=2.2 | |
Moxa Nport Iaw5000a-i\/o |
Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * NPort IAW5000A-I/O Series: Please contact Moxa Technical Support for the security patch.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-4204 is critical with a severity value of 9.8.
CVE-2023-4204 affects NPort IAW5000A-I/O Series firmware version v2.2 and prior by posing a potential risk to the security and integrity of the affected device.
CVE-2023-4204 is a hardcoded credential vulnerability in NPort IAW5000A-I/O Series firmware version v2.2 and prior due to the presence of a hardcoded key.
To fix CVE-2023-4204, it is recommended to update NPort IAW5000A-I/O Series firmware to a version that is not affected by the vulnerability.
More information about CVE-2023-4204 can be found in the security advisory provided by Moxa: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability