CVE-2024-12297

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12297
CVSS

No CVSS.

M

oxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

References
Link Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches
Configurations

No configuration.

History

06 Mar 2025, 09:15

Type Values Removed Values Added
References
  • () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches -
Summary
  • (es) El conmutador Ethernet de la serie EDS-508A de Moxa, que ejecuta la versión de firmware 3.11 y anteriores, es vulnerable a una omisión de autenticación debido a fallos en su mecanismo de autorización. Aunque en el proceso intervienen tanto la verificación del lado del cliente como la del servidor back-end, los atacantes pueden explotar las debilidades en su implementación. Estas vulnerabilidades pueden permitir ataques de fuerza bruta para adivinar credenciales válidas o ataques de colisión MD5 para falsificar hashes de autenticación, lo que podría comprometer la seguridad del dispositivo.
Summary (en) Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device. (en) Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

15 Jan 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-15 10:15

Updated : 2025-03-06 09:15

NVD link : CVE-2024-12297

Mitre link : CVE-2024-12297

CVE.ORG link : CVE-2024-12297

JSON object : View

Products Affected

No product.

CWE
CWE-656

Reliance on Security Through Obscurity