Moxa

Oncell G3150-hspa-t Firmware

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-11420

  • EPSS 0.43%
  • Veröffentlicht 03.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:43:19

There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.

9.8

CVE-2018-11421

  • EPSS 1.11%
  • Veröffentlicht 03.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:43:19

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercept...

9.8

CVE-2018-11422

  • EPSS 0.23%
  • Veröffentlicht 03.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:43:20

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be interc...

7.8

CVE-2018-11423

  • EPSS 0.3%
  • Veröffentlicht 03.07.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 03:43:20

There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.

9.8

CVE-2018-11426

  • EPSS 0.43%
  • Veröffentlicht 03.07.2019 15:15:10
  • Zuletzt bearbeitet 21.11.2024 03:43:20

A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functio...

8.8

CVE-2018-11427

  • EPSS 0.14%
  • Veröffentlicht 03.07.2019 15:15:10
  • Zuletzt bearbeitet 21.11.2024 03:43:20

CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.

6.5

CVE-2018-5449

  • EPSS 0.07%
  • Veröffentlicht 05.03.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:49

A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.

7.8

CVE-2018-5453

  • EPSS 0.23%
  • Veröffentlicht 05.03.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:49

An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailabl...

9.8

CVE-2018-5455

  • EPSS 0.45%
  • Veröffentlicht 05.03.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:50

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to p...