CVE-2021-46082

Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.moxa.com/en/support/product-support/security-advisory/mgate-5109-5101-protocol-gateways-vulnerability	Patch Vendor Advisory
https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:moxa:tn-5916-wv-t:-:*:*:*:*:*:*:*

cpe:2.3:o:moxa:tn-5916-wv-t_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:moxa:tn-5916-wv-ct-t:-:*:*:*:*:*:*:*

cpe:2.3:o:moxa:tn-5916-wv-ct-t_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:moxa:mgate_5109:-:*:*:*:*:*:*:*

cpe:2.3:o:moxa:mgate_5109_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:moxa:mgate_5109-t:-:*:*:*:*:*:*:*

cpe:2.3:o:moxa:mgate_5109-t_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:moxa:mgate_5101-pbm-mn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:mgate_5101-pbm-mn:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:moxa:mgate_5101-pbm-mn-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:mgate_5101-pbm-mn-t:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-02-18 20:15

Updated : 2022-02-26 03:42

NVD link : CVE-2021-46082

Mitre link : CVE-2021-46082

CVE.ORG link : CVE-2021-46082

JSON object : View

Products Affected

moxa

tn-5916-wv-ct-t
mgate_5109-t_firmware
tn-5916-wv-ct-t_firmware
mgate_5109
tn-5916-wv-t_firmware
mgate_5101-pbm-mn
mgate_5101-pbm-mn_firmware
mgate_5101-pbm-mn-t_firmware
tn-5916-wv-t
mgate_5101-pbm-mn-t
mgate_5109_firmware
mgate_5109-t

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2021-46082", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-02-18T20:15:11.533", "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mgate-5109-5101-protocol-gateways-vulnerability", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerability", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets."}, {"lang": "es", "value": "Se ha detectado que los enrutadores de la serie Moxa TN-5900 versi\u00f3n v3.1, las pasarelas de protocolo de la serie MGate 5109 versi\u00f3n v2.2 y las pasarelas de protocolo de la serie MGate 5101-PBM-MN versi\u00f3n v2.1, contienen una p\u00e9rdida de memoria que permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio de paquetes dise\u00f1ados"}], "lastModified": "2022-02-26T03:42:13.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:tn-5916-wv-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8002FD38-5728-4F33-B226-C089160CFCBC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:tn-5916-wv-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD5B5851-38A6-4804-A1B7-648ECF298F74", "versionEndIncluding": "3.1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:tn-5916-wv-ct-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A14A700-3B99-4B1E-B840-CE4EA0BA7BC6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:tn-5916-wv-ct-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10408164-2582-4C52-BD63-E2992603F9CC", "versionEndIncluding": "3.1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:mgate_5109:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "007DDCE4-2833-4455-9F63-8F950F57CA81"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:mgate_5109_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38741814-45D2-47CA-A7FF-C25DCBA5F22C", "versionEndIncluding": "2.2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:mgate_5109-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92068FD7-F13C-434B-9ABE-D4EC6F01456F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:mgate_5109-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B56520BB-8327-418D-9EE7-5C2875185E57", "versionEndIncluding": "2.2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:mgate_5101-pbm-mn_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B414712-E6AB-4EAC-A463-292C650859AC", "versionEndIncluding": "2.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:mgate_5101-pbm-mn:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8520741-E93C-4BB6-8381-29E007AB9D70"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:mgate_5101-pbm-mn-t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "759A24D3-4871-4609-9451-B496D05A23F8", "versionEndIncluding": "2.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:mgate_5101-pbm-mn-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65282419-FF14-41D8-9FBC-417AA03E1643"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}