CVE-2012-4712

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.

Los routers de la serie Moxa EDR-G903 con firmware anterior a v2.11 disponen de una cuenta embebida en el código fuente (hardcoded), lo que permite a atacantes remotos obtener acceso no especificado al dispositivo a través de vectores desconocidos.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-08-28 CVE Reserved
2013-02-15 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-798: Use of Hard-coded Credentials

CAPEC

References (2)

URL	Tag	Source
http://ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf	Broken Link

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.moxa.com/support/download.aspx?type=support&id=492	2022-04-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Moxa Search vendor "Moxa"	Edr-g903 Firmware Search vendor "Moxa" for product "Edr-g903 Firmware"	< 2.11 Search vendor "Moxa" for product "Edr-g903 Firmware" and version " < 2.11"	-	Affected	in	Moxa Search vendor "Moxa"	Edr-g903 Search vendor "Moxa" for product "Edr-g903"	-	-	Safe