HIGH🇵🇱 Wersja polska

CVE-2018-11427

CVSS 8.8v3.0pub. 2019-07-03upd. 2024-11-21

CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Moxa Oncell G3150 Hspa

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3150 Hspa Firmware

    OS
    Moxa
    ≤ 1.4
  • Moxa Oncell G3150 Hspa T

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3150 Hspa T Firmware

    OS
    Moxa
    ≤ 1.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-11420CRITICAL9.8ten sam produkt

There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 an...

CVE-2018-11421CRITICAL9.8ten sam produkt

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that ...

CVE-2018-11422CRITICAL9.8ten sam produkt

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol th...

CVE-2018-11426CRITICAL9.8ten sam produkt

A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 1606...

CVE-2018-5455CRITICAL9.8ten sam produkt

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA...