Oncell G3150 Hspa Firmware

oncell_g3150-hspa_firmware

Vendor: Moxa • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-11423 1Moxa 2Oncell G3150 Hspa T Firmware Oncell G3150 Hspa Firmware Nov 21, 2024 Jul 3, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.
CVE-2018-11422 1Moxa 2Oncell G3150 Hspa T Firmware Oncell G3150 Hspa Firmware Nov 21, 2024 Jul 3, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in...Show more Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication.Show less
CVE-2018-11421 1Moxa 2Oncell G3150 Hspa T Firmware Oncell G3150 Hspa Firmware Nov 21, 2024 Jul 3, 2019 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in pl...Show more Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.Show less
CVE-2018-11420 1Moxa 2Oncell G3150 Hspa T Firmware Oncell G3150 Hspa Firmware Nov 21, 2024 Jul 3, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.
CVE-2018-11427 1Moxa 2Oncell G3150 Hspa T Firmware Oncell G3150 Hspa Firmware Nov 21, 2024 Jul 3, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.
CVE-2018-11426 1Moxa 2Oncell G3150 Hspa T Firmware Oncell G3150 Hspa Firmware Nov 21, 2024 Jul 3, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web in...Show more A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.Show less
CVE-2018-5455 1Moxa 4Oncell G3110 Hspa T Firmware Oncell G3110 Hspa FirmwareOncell G3150 Hspa T Firmware+1 more Nov 21, 2024 Mar 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only dig...Show more A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.Show less
CVE-2018-5453 1Moxa 4Oncell G3110 Hspa T Firmware Oncell G3110 Hspa FirmwareOncell G3150 Hspa T Firmware+1 more Nov 21, 2024 Mar 5, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing t...Show more An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.Show less
CVE-2018-5449 1Moxa 4Oncell G3110 Hspa T Firmware Oncell G3110 Hspa FirmwareOncell G3150 Hspa T Firmware+1 more Nov 21, 2024 Mar 5, 2018 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of serv...Show more A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.Show less