Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Moxa NPort 5232-N Serial-to-Ethernet Device (All Versions) Web Console Authentication Bypass

Critical

Synopsis

The detected Moxa NPort 5232-N device may be vulnerable to an Authentication Bypass attack vector.

Description

All versions of Moxa NPort 5232-N Serial-to-Ethernet Device are affected by a flaw that is due to the program exposing UserId information in cookie parameters. This may allow a remote attacker to bypass authentication, and consequently modify settings and data. (CVE-2016-4503)

Solution

The vendor discontinued this product in 2012, and it is no longer supported. No patch or upgrade is available to address the issue. If this product is still in use, it is recommended to replace it with a similar product that is still supported. If replacement is not an option, ensure that access to the product is restricted, both physically and virtually, to authorized users only.