Affected Products:
The affected products and firmware versions are shown below.
Product Series |
Affected Versions |
MGate MB3180 Series |
Firmware Version 2.2 or lower |
MGate MB3280 Series |
Firmware Version 4.1 or lower |
MGate MB3480 Series |
Firmware Version 3.2 or lower |
Solutions:
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
Product Series |
Solutions |
MGate MB3180/3280/3480 Series |
To mitigate this issue, please enable ‘HTTPS’ and disable the HTTP console function under ‘Console Settings’.
We also recommend users refer to 'Tech Note: Moxa Security Hardening Guide for MGate MB3000 Series'.(Download Link) |
Acknowledgment:
We would like to express our appreciation to Parul Sindhwad, Anurag M. Chevendra, and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI in Mumbai, India., for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
Revision History:
VERSION |
DESCRIPTION |
RELEASE DATE |
1.0 |
First Release |
Dec 23, 2021 |