CVE-2024-12297

Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.

CVSS

No CVSS.

References

Link	Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches

Configurations

No configuration.

History

06 Mar 2025, 09:15

Type	Values Removed	Values Added
Summary		(es) El conmutador Ethernet de la serie EDS-508A de Moxa, que ejecuta la versión de firmware 3.11 y anteriores, es vulnerable a una omisión de autenticación debido a fallos en su mecanismo de autorización. Aunque en el proceso intervienen tanto la verificación del lado del cliente como la del servidor back-end, los atacantes pueden explotar las debilidades en su implementación. Estas vulnerabilidades pueden permitir ataques de fuerza bruta para adivinar credenciales válidas o ataques de colisión MD5 para falsificar hashes de autenticación, lo que podría comprometer la seguridad del dispositivo.
Summary	(en) Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.	(en) Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
References		() https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches -

15 Jan 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-15 10:15

Updated : 2025-03-06 09:15

NVD link : CVE-2024-12297

Mitre link : CVE-2024-12297

CVE.ORG link : CVE-2024-12297

JSON object : View

Products Affected

No product.

CWE

CWE-656

Reliance on Security Through Obscurity

JSON object

Attach tags to CVE-2024-12297

Attach tags to `CVE-2024-12297`