CVE-2016-0879 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2016-0879?

CVE-2016-0879 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-0879?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Edr-G903 Firmware, Moxa Edr-G903.

Vulnerability Description

Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Moxa	Edr-G903 Firmware	< 3.4.12
Moxa	Edr-G903	-

Related Weaknesses (CWE)

CWE-532

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-042-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2016-0879?

CVE-2016-0879 is a vulnerability with a CVSS score of 7.5 (HIGH). Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive informatio...

How severe is CVE-2016-0879?

CVE-2016-0879 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0879?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Edr-G903 Firmware, Moxa Edr-G903.