Vulnerability in Moxa Mgate_mb3180
CVE-2021-4161
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.
EPSS: 0.007 (47.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Moxa Mgate_mb3180
- Moxa Mgate_mb3180_firmware
- Moxa Mgate Mb3180 Series — versions all
- Moxa Mgate_mb3280
- Moxa Mgate_mb3280_firmware
- Moxa Mgate Mb3280 Series — versions all 4.1
- Moxa Mgate_mb3480
- Moxa Mgate_mb3480_firmware
- Moxa Mgate Mb3480 Series — versions all 3.2
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-4161?
- CVE-2021-4161 is a critical-severity vulnerability in Moxa Mgate_mb3180, classified under Cleartext Transmission of Sensitive Information. CVSS score: 9.8/10. Published 2021-12-27.
- How severe is CVE-2021-4161?
- Critical severity. CVSS v3 base score is 9.8 out of 10.