CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-4694

Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.2%

CVSS Severity

CVSS v2 Score 7.6

References

http://ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf
http://www.moxa.com/support/download.aspx?type=support&id=492
http://ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf
http://www.moxa.com/support/download.aspx?type=support&id=492

Products affected by CVE-2012-4694

Moxa » Edr G903 Firmware » Version: Any

cpe:2.3:a:moxa:edr_g903_firmware:*
Moxa » Edr G903 Firmware » Version: 1.0

cpe:2.3:a:moxa:edr_g903_firmware:1.0
Moxa » Edr G903 Firmware » Version: 2.0

cpe:2.3:a:moxa:edr_g903_firmware:2.0
Moxa » Edr G903 Firmware » Version: 2.1

cpe:2.3:a:moxa:edr_g903_firmware:2.1
Moxa » Edr-G903 » Version: N/A

cpe:2.3:h:moxa:edr-g903:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-4694

Products

Pricing

Contact Us