The affected products and firmware versions are shown below.
|MGate MB3180 Series
||Firmware Version 2.2 or lower
|MGate MB3280 Series
||Firmware Version 4.1 or lower
|MGate MB3480 Series
||Firmware Version 3.2 or lower
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
|MGate MB3180/3280/3480 Series
||To mitigate this issue, please enable ‘HTTPS’ and disable the HTTP console function under ‘Console Settings’.
We also recommend users refer to 'Tech Note: Moxa Security Hardening Guide for MGate MB3000 Series'.(Download Link)
We would like to express our appreciation to Parul Sindhwad, Anurag M. Chevendra, and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI in Mumbai, India., for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
||Dec 23, 2021