RSS   Vulnerabilities for 'Oncell g3150-hspa-t firmware'   RSS

2019-07-03
 
CVE-2018-11423

CWE-119
 

 
There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.

 
 
CVE-2018-11422

CWE-284
 

 
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication.

 
 
CVE-2018-11421

CWE-200
 

 
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.

 
 
CVE-2018-11420

CWE-400
 

 
There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.

 
 
CVE-2018-11427

CWE-352
 

 
CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.

 
 
CVE-2018-11426

CWE-287
 

 
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.

 
2018-03-05
 
CVE-2018-5455

CWE-287
 

 
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.

 
 
CVE-2018-5453

CWE-19
 

 
An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.

 
 
CVE-2018-5449

CWE-476
 

 
A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.

 

 >>> Vendor: MOXA 88 Products
Device manager
Mdm tool
Activex sdk
Edr g903 firmware
Edr-g903
Oncell gateway g3211
Oncell gateway firmware
Vport activex sdk plus
Softcms
Eds-405a firmware
Eds-408a firmware
Oncell central manager
Ioadmin firmware
Iologik firmware
Miineport e1 4641 firmware
Miineport e1 7080 firmware
Miineport e2 1242 firmware
Miineport e2 4561 firmware
Miineport e3 firmware
Uc-7408 lx-plus
Uc-7408 lx-plus firmware
Pt-7728 firmware
Pt-7728
Device server web console 5232-n firmware
Mgate mb3170 router firmware
Mgate mb3180 router firmware
Mgate mb3270 router firmware
Mgate mb3280 router firmware
Mgate mb3480 router firmware
Oncell g3001 firmware
Oncell g3100v2 firmware
Active opc server
Dacenter
Nport 5100 series firmware
Nport 5400 series firmware
Nport 5600 series firmware
Nport 5100a series firmware
Nport p5150a series firmware
Nport 5200 series firmware
Nport 6100 series firmware
Nport 5200a series firmware
Nport 5x50a1-m12 series firmware
Nport 5600-8-dtl series firmware
Edr-810 firmware
Miineport e1 firmware
Miineport e2 firmware
Awk-5232-m12-rcc firmware
Awk-3191 firmware
Awk-3131a firmware
Awk-6232 firmware
Awk-1127 firmware
Wac-2004 firmware
Awk-5232 firmware
Awk-1121 firmware
Wac-1001 v2 firmware
Awk-3121-m12-rtg firmware
Awk-1131a firmware
Awk-4131a firmware
Awk-3131-m12-rcc firmware
Oncellg3470a-lte firmware
Mxview
Mx-aopc server
Oncell 5104-hsdpa firmware
Oncell 5004-hspa firmware
Oncell g3110-hspa firmware
Oncell g3110-hsdpa firmware
Oncell g3150-hsdpa firmware
Oncell 5104-hspa firmware
Eds-g512e firmware
Nport 5110 firmware
Nport 5130 firmware
Nport 5150 firmware
Softcms lab view
Softnvr-ia live view
Oncell g3110-hspa-t firmware
Oncell g3150-hspa-t firmware
Oncell g3150-hspa firmware
Nport 5210 firmware
Nport 5230 firmware
Nport 5232 firmware
Thingspro
Eds-510a firmware
Iks-g6824a firmware
Awk-3121 firmware
Oncell g3470a-lte-eu-t firmware
Oncell g3470a-lte-eu firmware
Oncell g3470a-lte-us-t firmware
Oncell g3470a-lte-us firmware


Copyright 2019, cxsecurity.com

 

Back to Top