CVE-2019-9101
Description
Cleartext transmission of sensitive information in Moxa MGate MB3xxx series gateways allows an attacker to capture credentials by observing network traffic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An issue was discovered in Moxa MGate MB3170, MB3180, MB3270, MB3280, MB3480, and MB3660 series protocol gateways prior to firmware versions 4.1, 2.1, 4.1, 3.1, 3.1, and 2.3 respectively [1]. The web server transmits sensitive information, including credentials, in cleartext over the network [1][2]. This vulnerability corresponds to Cleartext Transmission of Sensitive Information (CWE-319) [1].
Exploitation
An attacker with the ability to observe network traffic between a web browser and the affected gateway can capture cleartext credentials without any authentication or special privileges [1][2]. The attack can be performed remotely and requires low skill [1]. No user interaction beyond normal administrative use of the web interface is needed.
Impact
Successful exploitation allows the attacker to obtain login credentials (usernames and passwords) transmitted in cleartext [1][2]. This can lead to unauthorized access to the gateway, potentially enabling further attacks such as device configuration changes or network access.
Mitigation
Moxa has released updated firmware to address this vulnerability: MB3170/MB3270 firmware version 4.1, MB3180 firmware version 2.1, MB3280/MB3480 firmware version 3.1, and MB3660 firmware version 2.3 [1][2]. Users should update to these fixed versions as soon as possible. If immediate patching is not possible, restrict network access to the web interface and use encrypted channels (e.g., VPN) to protect traffic.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- Moxa/MGate MB3170 (description)
- Range: <3.1
- Range: <4.1
- Range: <4.1
References (2)
- www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilities (mitre, x_refsource_CONFIRM)
- www.us-cert.gov/ics/advisories/icsa-20-056-01 (mitre, x_refsource_MISC)