VAR-201605-0028
Vulnerability from variot - Updated: 2023-12-18 12:30Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors. plural Moxa MiiNePort Since the device product firmware uses an empty default password, there is a vulnerability in which access rights can be obtained.Access may be obtained by a third party. Moxa MiiNePort is an embedded device networking module designed for manufacturers to connect serial devices to a network connection.
Moxa MiiNePort failed to force a password change, allowing a remote attacker to use this vulnerability to gain administrative privileges using HTTP and Telnet. Moxa MiiNePort_E2_4561, etc. There are security flaws in several Moxa products, and the flaw is caused by the programs using default blank passwords. A remote attacker could exploit this vulnerability to gain access. Moxa MiiNePort - Multiple Vulnerabilities
Multiple vulnerabilities are present in Moxa MiiNePort. Following versions have been verified, but it is highly probable all other versions are affected as well.
About
Moxa provides a full spectrum of quality products for industrial networking, computing, and automation, and maintains a distribution and service network that reaches customers in more than 70 countries. Our products have connected over 30 million devices worldwide in a wide range of applications, including factory automation, smart rail, smart grid, intelligent transportation, oil & gas, marine, and mining. By continually improving staff expertise in a variety of technologies and markets, we aim to be the first choice for industrial automation solutions.
Moxa's embedded serial-to-Ethernet device server modules are small, consume less power, and integration is easy. The MiiNePort E3 is empowered by the MiiNe, Moxa’s second generation SoC, which supports 10/100 Mbps Ethernet, up to 921.6 kbps serial baudrate, a versatile selection of ready-to-use operation modes, and requires only a small amount of power. By using Moxa’s innovative NetEZ technology, the MiiNePort E3 can be used to convert any device with a standard serial interface to an Ethernet enabled device in no time. In addition, the MiiNePort E3 is a compact embedded device server with an RJ45 connector, making it easy to fit into virtually any existing serial device. Weak Credentials Management - CVE-2016-2286
-
Sensitive information not protected - CVE-2016-2295
-
Vulnerable to Cross-Site Request Forgery - CVE-2016-2285
Vulnerability Description
- Weak Credentials Management
By default, no password is set on the device / application. The device / application does not enforce a mandatory password change mechanism, forcing users to a) set/change the password on first login, b) ensure the password meets complexity requirements, and c) change password periodically.
This allows anyone to access the device over HTTP and Telnet. Access to the device provides full administrative functionality.
- Sensitive information not protected
Information such as Connect passwords, SNMP community strings is not protected and shown in clear-text when viewing and / or downloaded device config (HTTP / Telnet).
- Vulnerable to Cross-Site Request Forgery
There is no CSRF Token generated per page and / or per (sensitive) function. Successful exploitation of this vulnerability allows silent execution of unauthorized actions on the device such as password change, configuration parameter changes, saving modified configuration, & device reboot.
+++++
Best Regards, Karn Ganeshen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "miineport e2 4561",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "miineport e1 7080",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "1.1.10"
},
{
"model": "miineport e1 4641",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "1.1.10"
},
{
"model": "miineport e2 1242",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "miineport e3",
"scope": "eq",
"trust": 1.0,
"vendor": "moxa",
"version": "1.0"
},
{
"model": "miineport e3",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e3",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "1.0 build 11071409"
},
{
"model": "miineport e1 4641",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e1 4641",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "1.1.10 build 09120714"
},
{
"model": "miineport e1 7080",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e1 7080",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "1.1.10 build 09120714"
},
{
"model": "miineport e2 1242",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2 1242",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "1.1 build 10080614"
},
{
"model": "miineport e2 4561",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2 4561",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "1.1 build 10080614"
},
{
"model": "miineport",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2 4561",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e3",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e1 4641",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e1 7080",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "miineport e2 1242",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"db": "NVD",
"id": "CVE-2016-2286"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e2_1242:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e2_1242_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e1_7080:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e1_7080_firmware:1.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e2_4561:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e2_4561_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e3_firmware:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:miineport_e1_4641:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:miineport_e1_4641_firmware:1.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2286"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "PACKETSTORM",
"id": "136891"
}
],
"trust": 0.1
},
"cve": "CVE-2016-2286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2286",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02874",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91105",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2286",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2286",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-02874",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-123",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-91105",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"db": "VULHUB",
"id": "VHN-91105"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"db": "NVD",
"id": "CVE-2016-2286"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors. plural Moxa MiiNePort Since the device product firmware uses an empty default password, there is a vulnerability in which access rights can be obtained.Access may be obtained by a third party. Moxa MiiNePort is an embedded device networking module designed for manufacturers to connect serial devices to a network connection. \n\nMoxa MiiNePort failed to force a password change, allowing a remote attacker to use this vulnerability to gain administrative privileges using HTTP and Telnet. Moxa MiiNePort_E2_4561, etc. There are security flaws in several Moxa products, and the flaw is caused by the programs using default blank passwords. A remote attacker could exploit this vulnerability to gain access. *Moxa MiiNePort - Multiple Vulnerabilities*\n\n\nMultiple vulnerabilities are present in Moxa MiiNePort. Following versions\nhave been verified, but it is highly probable all other versions are\naffected as well. \n\n\n*About*\n\n\nMoxa provides a full spectrum of quality products for industrial\nnetworking, computing, and automation, and maintains a distribution and\nservice network that reaches customers in more than 70 countries. Our\nproducts have connected over 30 million devices worldwide in a wide range\nof applications, including factory automation, smart rail, smart grid,\nintelligent transportation, oil \u0026 gas, marine, and mining. By continually\nimproving staff expertise in a variety of technologies and markets, we aim\nto be the first choice for industrial automation solutions. \n\n\nMoxa\u0027s embedded serial-to-Ethernet device server modules are small, consume\nless power, and integration is easy. The MiiNePort E3 is\nempowered by the MiiNe, Moxa\u2019s second generation SoC, which supports 10/100\nMbps Ethernet, up to 921.6 kbps serial baudrate, a versatile selection of\nready-to-use operation modes, and requires only a small amount of power. By\nusing Moxa\u2019s innovative NetEZ technology, the MiiNePort E3 can be used to\nconvert any device with a standard serial interface to an Ethernet enabled\ndevice in no time. In addition, the MiiNePort E3 is a compact embedded\ndevice server with an RJ45 connector, making it easy to fit into virtually\nany existing serial device. Weak Credentials Management - CVE-2016-2286\n\n2. Sensitive information not protected - CVE-2016-2295\n\n3. Vulnerable to Cross-Site Request Forgery - CVE-2016-2285\n\n\n*Vulnerability Description*\n\n\n1. *Weak Credentials Management*\n\nBy default, no password is set on the device / application. The device /\napplication does not enforce a mandatory password change mechanism, forcing\nusers to a) set/change the password on first login, b) ensure the password\nmeets complexity requirements, and c) change password periodically. \n\nThis allows anyone to access the device over HTTP and Telnet. Access to the\ndevice provides full administrative functionality. \n\n2. *Sensitive information not protected*\n\nInformation such as Connect passwords, SNMP community strings is not\nprotected and shown in clear-text when viewing and / or downloaded device\nconfig (HTTP / Telnet). \n\n\n3. Vulnerable to Cross-Site Request Forgery\n\nThere is no CSRF Token generated per page and / or per (sensitive)\nfunction. Successful exploitation of this vulnerability allows silent\nexecution of unauthorized actions on the device such as password change,\nconfiguration parameter changes, saving modified configuration, \u0026 device\nreboot. \n\n+++++\n-- \nBest Regards,\nKarn Ganeshen\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2286"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"db": "VULHUB",
"id": "VHN-91105"
},
{
"db": "PACKETSTORM",
"id": "136891"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2286",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-145-01",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "136891",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002970",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-123",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02874",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-91105",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"db": "VULHUB",
"id": "VHN-91105"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"db": "PACKETSTORM",
"id": "136891"
},
{
"db": "NVD",
"id": "CVE-2016-2286"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
]
},
"id": "VAR-201605-0028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"db": "VULHUB",
"id": "VHN-91105"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02874"
}
]
},
"last_update_date": "2023-12-18T12:30:02.818000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MiiNePort E3\u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "http://japan.moxa.com/product/miineport_e3.htm"
},
{
"title": "MiiNePort E1 \u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "http://japan.moxa.com/product/miineport_e1.htm"
},
{
"title": "MiiNePort E2\u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "http://japan.moxa.com/product/miineport_e2.htm"
},
{
"title": "Patch for Moxa MiiNePort permission acquisition vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/75423"
},
{
"title": "Moxa MiiNePort Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61446"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91105"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"db": "NVD",
"id": "CVE-2016-2286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-145-01"
},
{
"trust": 1.2,
"url": "https://packetstormsecurity.com/files/136891/moxa-miineport-weak-credential-management-csrf.html"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2016/may/7"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2286"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2286"
},
{
"trust": 0.1,
"url": "http://www.moxa.com/product/miineport_e1.htm"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2285"
},
{
"trust": 0.1,
"url": "http://www.moxa.com/product/miineport_e2.htm"
},
{
"trust": 0.1,
"url": "http://www.moxa.com/product/miineport_e3.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"db": "VULHUB",
"id": "VHN-91105"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"db": "PACKETSTORM",
"id": "136891"
},
{
"db": "NVD",
"id": "CVE-2016-2286"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"db": "VULHUB",
"id": "VHN-91105"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"db": "PACKETSTORM",
"id": "136891"
},
{
"db": "NVD",
"id": "CVE-2016-2286"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"date": "2016-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-91105"
},
{
"date": "2016-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"date": "2016-05-03T22:45:50",
"db": "PACKETSTORM",
"id": "136891"
},
{
"date": "2016-05-31T01:59:05.947000",
"db": "NVD",
"id": "CVE-2016-2286"
},
{
"date": "2016-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02874"
},
{
"date": "2016-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-91105"
},
{
"date": "2016-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002970"
},
{
"date": "2016-11-30T03:04:48.233000",
"db": "NVD",
"id": "CVE-2016-2286"
},
{
"date": "2017-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa MiiNePort Vulnerability of obtaining access rights in device product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002970"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-123"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…