icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Moxa NPort 5232-N Serial-to-Ethernet Device (All Versions) Web Console Authentication Bypass

Synopsis

The detected Moxa NPort 5232-N device may be vulnerable to an Authentication Bypass attack vector.

Description

All versions of Moxa NPort 5232-N Serial-to-Ethernet Device are affected by a flaw that is due to the program exposing UserId information in cookie parameters. This may allow a remote attacker to bypass authentication, and consequently modify settings and data. (CVE-2016-4503)

Solution

The vendor discontinued this product in 2012, and it is no longer supported. No patch or upgrade is available to address the issue. If this product is still in use, it is recommended to replace it with a similar product that is still supported. If replacement is not an option, ensure that access to the product is restricted, both physically and virtually, to authorized users only.