CVE-2019-9103
Description
Moxa MGate MB3xxx series protocol gateways contain an information exposure vulnerability in the built-in web service, allowing remote unauthenticated attackers to disclose usernames and other sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Moxa MGate MB3xxx series protocol gateways contain an information exposure vulnerability in the built-in web service, allowing remote unauthenticated attackers to disclose usernames and other sensitive information.
Vulnerability
The built-in web service on Moxa MGate MB3170, MB3270, MB3280, MB3480, MB3660, and MB3180 series protocol gateways exposes sensitive information, such as usernames, without requiring authentication. This is categorized as an Information Exposure (CWE-200) vulnerability. Affected firmware versions are: MB3170/MB3270 before 4.1, MB3280/MB3480 before 3.1, MB3660 before 2.3, and MB3180 before 2.1 [1][2].
Exploitation
An attacker can exploit this vulnerability by sending crafted requests to the built-in web service over the network. No authentication or user interaction is required. The attack is remotely exploitable with low skill level, as the web service is accessible without prior credentials [1].
Impact
Successful exploitation allows an attacker to access sensitive information, including usernames, which could be used to facilitate further attacks such as brute-force or credential stuffing. This compromises the confidentiality of the device [1][2].
Mitigation
Moxa has released firmware updates to address this vulnerability. Users should upgrade to the following fixed versions or later: MB3170/MB3270 to version 4.1, MB3280/MB3480 to version 3.1, MB3660 to version 2.3, and MB3180 to version 2.1. No workarounds are available; updating firmware is the recommended mitigation [1][2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Moxa/MGate MB3170description
- Range: <3.1
- Range: <4.1
- Range: <4.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- www.moxa.com/en/support/support/security-advisory/mb3710-3180-3270-3280-3480-3660-vulnerabilitiesmitrex_refsource_CONFIRM
- www.us-cert.gov/ics/advisories/icsa-20-056-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.