- Description
- Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
- Source
- psirt@moxa.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 9.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- psirt@moxa.com
- CWE-656
- Hype score
- Not currently trending
==== 資安雙週報 (250201) ==== 初一十五除了呷菜喔外 也要關心一下安全圈的消息 - 空殼帳號? - 新創公司的通病? - CVE-2024-7344 bypass bootloader - CVE-2024-12297 bypass auth
@PTTNetSecurity
1 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
4 Replies
0 Quotes
Moxa EDS-508A Series の脆弱性 CVE-2024-12297 (CVSS 9.2) が FIX:パッチ適用前の緩和策も提供 https://t.co/vko6zzWYKt Moxa EDS-508A の脆弱性 CVE-2024-12297 が FIX しました。ご利用のチームは、ご注意ください。Moxa 関連の直近の記事は、2025/01/04 の「Moxa 製品の脆弱性… https://t.co/HPoqC0iGJY
@iototsecnews
29 Jan 2025
70 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Moxa warns of a critical vulnerability (CVE-2024-12297) in EDS-508A Series Ethernet switches, allowing unauthorized access. A patch is available for affected devices. 🔒 #Moxa #NetworkSecurity #Taiwan link: https://t.co/ePsoe0doy8 https://t.co/zfVAdmVfBK
@TweetThreatNews
20 Jan 2025
74 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12297 (CVSS 9.2): Critical Authorization Vulnerability in Moxa EDS-508A Series Learn about the critical vulnerability CVE-2024-12297 affecting Moxa's EDS-508A Series Ethernet switches. Discover the potential risks and how to mitigate them. https://t.co/jKwL6nGNbR
@the_yellow_fall
19 Jan 2025
369 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2024-12297 | Moxa EDS-508A up to 3.11 reliance on security through obscurity) has been published on https://t.co/D5pKpZwbzd
@WolfgangSesin
15 Jan 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes