Headline
CVE-2017-12127: TALOS-2017-0479 || Cisco Talos Intelligence Group
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.
Summary
An password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.
Tested Versions
Moxa EDR-810 V4.1 build 17030317
Product URLs
https://www.moxa.com/product/EDR-810.htm
CVSSv3 Score
4.4 - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-256 - Plaintext Storage of a Password
Details
The device stores credentials in plaintext in /magicP/cfg4.0/cfg_file/USER_ACCOUNT.CFG. This file mirrors the contents of /etc/shadow, except all the passwords are in plaintext.
Exploit Proof-of-Concept
cat /magicP/cfg4.0/cfg_file/USER_ACCOUNT.CFG
Timeline
2017-11-15 - Vendor Disclosure
2017-11-19 - Vendor Acknowledged
2017-12-25 - Vendor provided timeline for fix (Feb 2018)
2018-01-04 - Timeline pushed to mid-March per vendor
2018-03-24 - Talos follow up with vendor for release timeline
2018-03-26 - Timeline pushed to 4/13/18 per vendor
2018-04-12 - Vendor patched & published new firmware on website
2018-04-13 - Public Release
Discovered by Carlos Pacho of Cisco Talos.