An password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.
Moxa EDR-810 V4.1 build 17030317
https://www.moxa.com/product/EDR-810.htm
4.4 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-256 - Plaintext Storage of a Password
The device stores credentials in plaintext in /magicP/cfg4.0/cfg_file/USER_ACCOUNT.CFG. This file mirrors the contents of /etc/shadow, except all the passwords are in plaintext.
cat /magicP/cfg4.0/cfg_file/USER_ACCOUNT.CFG