Moxa MGate 5121/5122/5123 Series Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the MGate 5121, 5122, and 5123 Series, all running firmware version 1.0. This vulnerability arises from inadequate sanitization and encoding of user input in the 'Login Message' feature. An authenticated attacker with administrative privileges can exploit this issue to inject malicious scripts that are persistently stored on the device. These injected scripts are executed when other users visit the login page, potentially leading to unauthorized actions or other consequences, depending on the user's privileges.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the login page.

Remediation

Users are advised to upgrade to version 2.0 or later. For MGate 5121 Series, version 2.0 is available on the Moxa website. MGate 5122 and 5123 Series users should also upgrade to version 2.0 or later. Additionally, minimize network exposure to ensure the device is not accessible from the Internet, and use strong, unique passwords for administrator accounts, restricting access to trusted personnel only.