8.8

CVE-2017-7917

A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoxaOncell G3110-hspa Firmware Version <= 1.3
   MoxaOncell G3110-hspa Version-
MoxaOncell G3110-hsdpa Firmware Version <= 1.2
   MoxaOncell G3110-hsdpa Version-
MoxaOncell G3150-hsdpa Firmware Version <= 1.4
   MoxaOncell G3150-hsdpa Version-
MoxaOncell 5104-hsdpa Firmware Version <= -
   MoxaOncell 5104-hsdpa Version-
MoxaOncell 5104-hspa Firmware Version <= -
   MoxaOncell 5104-hspa Version-
MoxaOncell 5004-hspa Firmware Version <= -
   MoxaOncell 5004-hspa Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.253
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01
Third Party Advisory
US Government Resource