Vulnerability Description
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
Related Weaknesses (CWE)
References
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cv
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cv
FAQ
What is CVE-2024-12297?
CVE-2024-12297 is a documented vulnerability. Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process...
How severe is CVE-2024-12297?
CVSS scoring is not yet available for CVE-2024-12297. Check NVD for updates.
Is there a patch for CVE-2024-12297?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.