CVE-2020-6991

9.8 CRITICAL

📋 TL;DR

This vulnerability in Moxa EDS-G516E Series firmware allows attackers to brute-force weak passwords to gain unauthorized access. It affects industrial network equipment running firmware version 5.2 or lower. The high CVSS score indicates critical risk requiring immediate attention.

💻 Affected Systems

Products:
  • Moxa EDS-G516E Series
Versions: Version 5.2 and lower
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable unless password policies have been strengthened.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of industrial network equipment, allowing attackers to disrupt operations, modify configurations, or use the device as a pivot point into OT networks.

🟠 Likely Case

Unauthorized access to network devices enabling configuration changes, traffic interception, or denial of service.

🟢 If Mitigated

Limited impact with strong password policies and network segmentation preventing brute-force attempts.

🌐 Internet-Facing: HIGH - Internet-facing devices are directly exposed to brute-force attacks from anywhere.
🏢 Internal Only: MEDIUM - Internal devices still vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Brute-force attacks require no authentication and can be automated with common tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 5.3 or higher

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/moxa-eds-g516e-series-firmware-vulnerability

Restart Required: Yes

Instructions:

1. Download firmware version 5.3 or higher from Moxa website.
2. Backup current configuration.
3. Upload and install new firmware via web interface or CLI.
4. Reboot device.
5. Restore configuration if needed.

🔧 Temporary Workarounds

Implement Strong Password Policy

all

Enforce complex passwords with minimum length and character requirements

Enable Account Lockout

all

Configure account lockout after failed login attempts

🧯 If You Can't Patch

  • Isolate vulnerable devices in separate VLAN with strict firewall rules
  • Implement network-based intrusion detection to monitor for brute-force attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > Maintenance > Firmware) or CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Confirm firmware version is 5.3 or higher and test password complexity requirements

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts from single IP
  • Successful logins from unusual locations/times

Network Indicators:

  • Rapid authentication attempts to device management interface
  • Traffic patterns matching brute-force tools

SIEM Query:

source="eds-g516e" AND (event_type="authentication_failure" count>10 within 5min)
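
The threshold in the query above (more than 10 authentication failures within 5 minutes), applied per source IP over a sliding window. This is an added example, not taken from the advisory or from Moxa; the log line format, field names and sample addresses are constructed assumptions, and it goes one step beyond the query by also flagging a successful login from the same source shortly after a burst.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (assumption; not the EDS-G516E's real syslog layout):
#   2020-03-01T10:00:00 auth_failure user=admin src=192.0.2.10
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth_failure|auth_success) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

WINDOW = timedelta(minutes=5)   # "within 5min" from the query above
THRESHOLD = 10                  # alert when the count exceeds 10

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for brute-force bursts and for successes that follow one."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = {}                    # src -> time the burst was first detected
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip lines that are not auth events
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        recent = failures[src]
        # Drop failures that have fallen out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if m["event"] == "auth_failure":
            recent.append(ts)
            if len(recent) > threshold and src not in flagged:
                flagged[src] = ts
                alerts.append(("bruteforce", src, m["user"], ts))
        elif src in flagged and ts - flagged[src] <= window:
            # A success right after a burst suggests a guess succeeded.
            alerts.append(("success_after_bruteforce", src, m["user"], ts))
    return alerts

def sample_log():
    """Constructed sample: 12 rapid failures, one success, and benign noise."""
    base = datetime(2020, 3, 1, 10, 0, 0)
    lines = [f"{(base + timedelta(seconds=5 * i)).isoformat()} auth_failure "
             f"user=admin src=192.0.2.10" for i in range(12)]
    lines.append(f"{(base + timedelta(seconds=70)).isoformat()} auth_success user=admin src=192.0.2.10")
    lines += [f"{(base + timedelta(minutes=20 * i)).isoformat()} auth_failure "
              f"user=ops src=198.51.100.7" for i in range(3)]
    return lines
```

A source stays flagged after its first burst, so each source produces one brute-force alert per run; reset `flagged` on whatever schedule matches your alerting pipeline.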
