CVE-2016-9369

🟠 Łataj w tym tygodniu

Brak uwierzytelnienia przy aktualizacji firmware w Moxa NPort umożliwia zdalne wykonanie kodu.

CVSS

9.8

EPSS

7.4%

Exploit

none

Vendor

moxa

Opis źródłowy (NVD)

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution.

rce Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.8
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	7.4%
Opublikowano (NVD)	2017-02-13 21:59:02 UTC
Ostatnia modyfikacja (NVD)	2026-06-02 20:16:20 UTC

Referencje

http://www.securityfocus.com/bid/85965 (ics-cert@hq.dhs.gov) [Third Party Advisory, VDB Entry]
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02 (ics-cert@hq.dhs.gov) [Third Party Advisory, US Government Resource]