Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
The identified vulnerability types and potential impacts are listed below:
Item |
Vulnerability Type |
Impact |
1 |
CWE-656: Reliance on Security Through Obscurity (CVE-2024-12297)
|
Exploitation of this vulnerability could allow attackers to bypass authentication, perform brute-force or MD5 collision attacks, and gain unauthorized access to sensitive configurations or disrupt services. |
Vulnerability Scoring Details
ID
|
Base Score
|
Vector
|
Unauthenticated Remote Exploits
|
CVE-2024-12297 |
9.2
|
AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
|
Yes |