CVE-2021-39278

Published: Sep 7, 2021Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.

Affected (12)

Products: Moxa: Wac 2004 Firmware, Wac 1001 Firmware, Wac 1001 T Firmware, Oncell G3470a Lte Eu Firmware, Oncell G3470a Lte Eu T Firmware, Tap 323 Eu Ct T Firmware, Tap 323 Us Ct T Firmware, Tap 323 Jp Ct T Firmware, Wdr 3124a Eu Firmware, Wdr 3124a Eu T Firmware, Wdr 3124a Us Firmware, Wdr 3124a Us T Firmware

12 products

Oncell G3470a Lte Eu Firmware

Oncell G3470a Lte Eu T Firmware

Tap 323 Eu Ct T Firmware

Tap 323 Us Ct T Firmware

Tap 323 Jp Ct T Firmware

Wdr 3124a Eu Firmware

Wdr 3124a Eu T Firmware

Wdr 3124a Us Firmware

Wdr 3124a Us T Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wac 2004 Firmware	Version 1.7

Running on/with	Platform Versions
Moxa Wac 2004	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wac 1001 Firmware	Version 2.1

Running on/with	Platform Versions
Moxa Wac 1001	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wac 1001 T Firmware	Version 2.1

Running on/with	Platform Versions
Moxa Wac 1001 T	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell G3470a Lte Eu Firmware	Version 1.7

Running on/with	Platform Versions
Moxa Oncell G3470a Lte Eu	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell G3470a Lte Eu T Firmware	Version 1.7

Running on/with	Platform Versions
Moxa Oncell G3470a Lte Eu T	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Tap 323 Eu Ct T Firmware	Version 1.3

Running on/with	Platform Versions
Moxa Tap 323 Eu Ct T	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Tap 323 Us Ct T Firmware	Version 1.3

Running on/with	Platform Versions
Moxa Tap 323 Us Ct T	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Tap 323 Jp Ct T Firmware	Version 1.3

Running on/with	Platform Versions
Moxa Tap 323 Jp Ct T	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wdr 3124a Eu Firmware	Version 2.3

Running on/with	Platform Versions
Moxa Wdr 3124a Eu	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wdr 3124a Eu T Firmware	Version 2.3

Running on/with	Platform Versions
Moxa Wdr 3124a Eu T	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wdr 3124a Us Firmware	Version 2.3

Running on/with	Platform Versions
Moxa Wdr 3124a Us	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wdr 3124a Us T Firmware	Version 2.3

Running on/with	Platform Versions
Moxa Wdr 3124a Us T	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

http://packetstormsecurity.com/files/164014

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/164014

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.