Oncell G3150-hspa-t Firmware Security Vulnerabilities and Issues — Oncell G3150-hspa-t Firmware CVE List

Lucene search

MoxaOncell G3150-hspa-t Firmware

9 matches found

CVE•added 2019/07/03 4:15 p.m.•54 views

CVE-2018-11422

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including devic...

9.8CVSS9.3AI score0.00239EPSS

CVE•added 2019/07/03 3:15 p.m.•49 views

CVE-2018-11426

A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.

9.8CVSS9.6AI score0.00442EPSS

CVE•added 2019/07/03 4:15 p.m.•48 views

CVE-2018-11420

There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.

9.8CVSS7.8AI score0.00433EPSS

CVE•added 2019/07/03 4:15 p.m.•45 views

CVE-2018-11423

There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.

7.8CVSS8.7AI score0.00433EPSS

CVE•added 2019/07/03 3:15 p.m.•44 views

CVE-2018-11427

CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.

8.8CVSS8.5AI score0.00141EPSS

CVE•added 2019/07/03 4:15 p.m.•43 views

CVE-2018-11421

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to re...

9.8CVSS9.1AI score0.01113EPSS

CVE•added 2018/03/05 5:29 p.m.•39 views

CVE-2018-5455

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authenticat...

9.8CVSS9.3AI score0.00471EPSS

CVE•added 2018/03/05 5:29 p.m.•32 views

CVE-2018-5449

A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.

6.5CVSS6.3AI score0.00071EPSS

CVE•added 2018/03/05 5:29 p.m.•32 views

CVE-2018-5453

An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.

7.8CVSS7.3AI score0.0023EPSS