CVE-2017-16727 - OpenCVE

A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moxa	Nport W2150a Nport W2150a Firmware Nport W2250a Nport W2250a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:moxa:nport_w2150a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_w2150a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:moxa:nport_w2250a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:nport_w2250a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/102254
https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-12-22T02:00:00

Updated: 2024-08-05T20:35:20.279Z

Reserved: 2017-11-09T00:00:00

Link: CVE-2017-16727

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-12-22T02:29:15.027

Modified: 2019-10-09T23:25:15.113

Link: CVE-2017-16727

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Moxa NPort W2150A and W2250A", "vendor": "n/a", "versions": [{"status": "affected", "version": "Moxa NPort W2150A and W2250A"}]}], "datePublic": "2017-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-255", "description": "CWE-255", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-12-23T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01"}, {"name": "102254", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102254"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16727", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Moxa NPort W2150A and W2250A", "version": {"version_data": [{"version_value": "Moxa NPort W2150A and W2250A"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-255"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01"}, {"name": "102254", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102254"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:35:20.279Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01"}, {"name": "102254", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102254"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16727", "datePublished": "2017-12-22T02:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:20.279Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_w2150a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED96B77F-29F2-48EB-871D-B8DB3EC4378C", "versionEndExcluding": "1.11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_w2150a:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E4BE331-7243-4BBC-BEFD-213B5C33441F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:nport_w2250a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF1412DF-5C9C-490A-8F6B-C8FF29079A12", "versionEndExcluding": "1.11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:nport_w2250a:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D6E4427-6FD7-412F-B2EC-5A0E99A5E343", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic."}, {"lang": "es", "value": "Se descubri\u00f3 un problema de gesti\u00f3n de credenciales en Moxa NPort W2150A en versiones anteriores a la 1.11 y NPort W2250A en versiones anteriores a la 1.11. La contrase\u00f1a por defecto est\u00e1 vac\u00eda en el dispositivo. Un usuario no autorizado puede acceder al dispositivo sin una contrase\u00f1a. Un usuario no autorizado puede comprometer por completo la confidencialidad e integridad del tr\u00e1fico de red inal\u00e1mbrica."}], "id": "CVE-2017-16727", "lastModified": "2019-10-09T23:25:15.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-22T02:29:15.027", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102254"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-355-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-521"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-255"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}