Lucene search

[email protected]NVD:CVE-2023-4204

HistoryAug 16, 2023 - 4:15 p.m.

CVE-2023-4204

2023-08-1616:15:11

CWE-798

[email protected]

web.nvd.nist.gov

nport iaw5000a-i/o

firmware v2.2

hardcoded credential

vulnerability

potential risk

security

integrity

firmware manipulation

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.

Affected configurations

NVD

Node

moxanport_iaw5000a-i\/o_firmwareRange≤2.2

AND

moxanport_iaw5000a-i\/oMatch-

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-230304-nport-iaw5000a-i-o-series-hardcoded-credential-vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for NVD:CVE-2023-4204

prion1 cnvd1 cvelist1 nessus1 cve1