CVE-2019-9102
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism.
Se detectó un problema en los dispositivos Moxa MGate MB3170 y MB3270 versiones anteriores a la versión 4.1, en los dispositivos MB3280 y MB3480 versiones anteriores a la versión 3.1, en los dispositivos MB3660 versiones anteriores a la versión 2.3 y en los dispositivos MB3180 versiones anteriores a la versión 2.1. Un mecanismo predecible de generación de tokens permite a atacantes remotos omitir el mecanismo de protección de ataques de tipo cross-site request forgery (CSRF).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-02-24 CVE Reserved
- 2020-03-11 CVE Published
- 2024-04-20 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-330: Use of Insufficiently Random Values
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-056-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Moxa Search vendor "Moxa" | Mb3170 Firmware Search vendor "Moxa" for product "Mb3170 Firmware" | <= 4.0 Search vendor "Moxa" for product "Mb3170 Firmware" and version " <= 4.0" | - |
Affected
| in | Moxa Search vendor "Moxa" | Mb3170 Search vendor "Moxa" for product "Mb3170" | - | - |
Safe
|
| Moxa Search vendor "Moxa" | Mb3270 Firmware Search vendor "Moxa" for product "Mb3270 Firmware" | <= 4.0 Search vendor "Moxa" for product "Mb3270 Firmware" and version " <= 4.0" | - |
Affected
| in | Moxa Search vendor "Moxa" | Mb3270 Search vendor "Moxa" for product "Mb3270" | - | - |
Safe
|
| Moxa Search vendor "Moxa" | Mb3180 Firmware Search vendor "Moxa" for product "Mb3180 Firmware" | <= 2.0 Search vendor "Moxa" for product "Mb3180 Firmware" and version " <= 2.0" | - |
Affected
| in | Moxa Search vendor "Moxa" | Mb3180 Search vendor "Moxa" for product "Mb3180" | - | - |
Safe
|
| Moxa Search vendor "Moxa" | Mb3280 Firmware Search vendor "Moxa" for product "Mb3280 Firmware" | <= 3.0 Search vendor "Moxa" for product "Mb3280 Firmware" and version " <= 3.0" | - |
Affected
| in | Moxa Search vendor "Moxa" | Mb3280 Search vendor "Moxa" for product "Mb3280" | - | - |
Safe
|
| Moxa Search vendor "Moxa" | Mb3480 Firmware Search vendor "Moxa" for product "Mb3480 Firmware" | <= 3.0 Search vendor "Moxa" for product "Mb3480 Firmware" and version " <= 3.0" | - |
Affected
| in | Moxa Search vendor "Moxa" | Mb3480 Search vendor "Moxa" for product "Mb3480" | - | - |
Safe
|
| Moxa Search vendor "Moxa" | Mb3660 Firmware Search vendor "Moxa" for product "Mb3660 Firmware" | <= 2.2 Search vendor "Moxa" for product "Mb3660 Firmware" and version " <= 2.2" | - |
Affected
| in | Moxa Search vendor "Moxa" | Mb3660 Search vendor "Moxa" for product "Mb3660" | - | - |
Safe
|