var-202003-1668
Vulnerability from variot
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. Moxa EDS-G516E A classic buffer overflow vulnerability exists in the series firmware.Service operation interruption (DoS) It may be put into a state. Moxa EDS-G516E is a managed switch from Moxa, Taiwan. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1668",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mds-g516e",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.2"
},
{
"model": "eds-g516e",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "mds g516e",
"version": "*"
},
{
"model": "eds-g516e",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.2"
}
],
"sources": [
{
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19932"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"db": "NVD",
"id": "CVE-2020-6999"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:moxa:eds-g516e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003425"
}
]
},
"cve": "CVE-2020-6999",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-6999",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-003425",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-19932",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "84df500c-409c-46cd-8c19-9a913469f3e3",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-6999",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-003425",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-6999",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-003425",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-19932",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1630",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19932"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1630"
},
{
"db": "NVD",
"id": "CVE-2020-6999"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. Moxa EDS-G516E A classic buffer overflow vulnerability exists in the series firmware.Service operation interruption (DoS) It may be put into a state. Moxa EDS-G516E is a managed switch from Moxa, Taiwan. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6999"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"db": "CNVD",
"id": "CNVD-2020-19932"
},
{
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6999",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-056-04",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2020-19932",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1630",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003425",
"trust": 0.8
},
{
"db": "IVD",
"id": "84DF500C-409C-46CD-8C19-9A913469F3E3",
"trust": 0.2
},
{
"db": "IVD",
"id": "9DEDD6D9-6012-4511-9F7C-C0F8518A4AB3",
"trust": 0.2
},
{
"db": "IVD",
"id": "B6594321-DDB7-44B7-8B8E-0FFC0C94D3A0",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19932"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1630"
},
{
"db": "NVD",
"id": "CVE-2020-6999"
}
]
},
"id": "VAR-202003-1668",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19932"
}
],
"trust": 1.7555556
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19932"
}
]
},
"last_update_date": "2024-11-23T21:36:01.424000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "Patch for Moxa EDS-G516E buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/211331"
},
{
"title": "Moxa EDS-G516E Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113032"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-19932"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1630"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"db": "NVD",
"id": "CVE-2020-6999"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-056-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6999"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6999"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1630"
},
{
"db": "NVD",
"id": "CVE-2020-6999"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19932"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1630"
},
{
"db": "NVD",
"id": "CVE-2020-6999"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"date": "2020-03-26T00:00:00",
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"date": "2020-03-26T00:00:00",
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
},
{
"date": "2020-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19932"
},
{
"date": "2020-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"date": "2020-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1630"
},
{
"date": "2020-03-26T13:15:13.610000",
"db": "NVD",
"id": "CVE-2020-6999"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-19932"
},
{
"date": "2020-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003425"
},
{
"date": "2020-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1630"
},
{
"date": "2024-11-21T05:36:27.883000",
"db": "NVD",
"id": "CVE-2020-6999"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1630"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDS-G516E Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
},
{
"db": "CNVD",
"id": "CNVD-2020-19932"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "84df500c-409c-46cd-8c19-9a913469f3e3"
},
{
"db": "IVD",
"id": "9dedd6d9-6012-4511-9f7c-c0f8518a4ab3"
},
{
"db": "IVD",
"id": "b6594321-ddb7-44b7-8b8e-0ffc0c94d3a0"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1630"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.