exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Moxa MiiNePort Weak Credential Management / CSRF

Moxa MiiNePort Weak Credential Management / CSRF
Posted May 3, 2016
Authored by Karn Ganeshen

Moxa MiiNePort suffers from cross site request forgery, weak credential management, and sensitive information protection vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2016-2285, CVE-2016-2286, CVE-2016-2295
SHA-256 | 7ed488745e4d059d12d5ec837be93fd1917ea75cdbe335cca37b64e00022a474

Moxa MiiNePort Weak Credential Management / CSRF

Change Mirror Download
*Moxa MiiNePort - Multiple Vulnerabilities*


Multiple vulnerabilities are present in Moxa MiiNePort. Following versions
have been verified, but it is highly probable all other versions are
affected as well.


*About*


Moxa provides a full spectrum of quality products for industrial
networking, computing, and automation, and maintains a distribution and
service network that reaches customers in more than 70 countries. Our
products have connected over 30 million devices worldwide in a wide range
of applications, including factory automation, smart rail, smart grid,
intelligent transportation, oil & gas, marine, and mining. By continually
improving staff expertise in a variety of technologies and markets, we aim
to be the first choice for industrial automation solutions.


Moxa's embedded serial-to-Ethernet device server modules are small, consume
less power, and integration is easy.

The embedded serial-to-Ethernet device servers modules consist of the
MiiNePort serial device server series and the NE device server module
series.


Moxa’s MiiNePort E3 series embedded device servers are designed for
manufacturers who want to add sophisticated network connectivity to their
serial devices with minimal integration effort. The MiiNePort E3 is
empowered by the MiiNe, Moxa’s second generation SoC, which supports 10/100
Mbps Ethernet, up to 921.6 kbps serial baudrate, a versatile selection of
ready-to-use operation modes, and requires only a small amount of power. By
using Moxa’s innovative NetEZ technology, the MiiNePort E3 can be used to
convert any device with a standard serial interface to an Ethernet enabled
device in no time. In addition, the MiiNePort E3 is a compact embedded
device server with an RJ45 connector, making it easy to fit into virtually
any existing serial device.


http://www.moxa.com/product/MiiNePort_E1.htm

http://www.moxa.com/product/MiiNePort_E2.htm

http://www.moxa.com/product/MiiNePort_E3.htm



*Confirmed Device Models + Firmware versions*
Device name MiiNePort_E1_7080
Firmware version 1.1.10 Build 09120714

Device name MiiNePort_E1_4641
Firmware version 1.1.10 Build 09120714

Device name MiiNePort_E2_1242
Firmware version 1.1 Build 10080614

Device name : MiiNePort_E2_4561
Firmware version : 1.1 Build 10080614

Model name MiiNePort E3
Firmware version 1.0 Build 11071409


*Vulnerability Summary*

1. Weak Credentials Management - CVE-2016-2286

2. Sensitive information not protected - CVE-2016-2295

3. Vulnerable to Cross-Site Request Forgery - CVE-2016-2285


*Vulnerability Description*


1. *Weak Credentials Management*

By default, no password is set on the device / application. The device /
application does not enforce a mandatory password change mechanism, forcing
users to a) set/change the password on first login, b) ensure the password
meets complexity requirements, and c) change password periodically.

This allows anyone to access the device over HTTP and Telnet. Access to the
device provides full administrative functionality.

2. *Sensitive information not protected*

Information such as Connect passwords, SNMP community strings is not
protected and shown in clear-text when viewing and / or downloaded device
config (HTTP / Telnet).


3. Vulnerable to Cross-Site Request Forgery

There is no CSRF Token generated per page and / or per (sensitive)
function. Successful exploitation of this vulnerability allows silent
execution of unauthorized actions on the device such as password change,
configuration parameter changes, saving modified configuration, & device
reboot.

+++++
--
Best Regards,
Karn Ganeshen


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close