// For flags

CVE-2017-12129

 

Severity Score

8.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.

Existe una vulnerabilidad de criptografía de contraseñas débil explotable en la funcionalidad de servidor web de Moxa EDR-810 V4.1 build 17030317. Un atacante podría interceptar contraseñas con cifrado débil y realizar ataques de fuerza bruta.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Adjacent
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-07-31 CVE Reserved
  • 2018-05-14 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Moxa
Search vendor "Moxa"
 Edr-810 Firmware
Search vendor "Moxa" for product "Edr-810 Firmware"
 4.1
Search vendor "Moxa" for product "Edr-810 Firmware" and version "4.1"
-
Affected
in Moxa
Search vendor "Moxa"
 Edr-810
Search vendor "Moxa" for product "Edr-810"
--
Safe