CVE-2016-5819

Vulnerability

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of Moxa G3100V2 Series devices prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series devices prior to Version 1.7 [1]. The vulnerability allows an attacker to inject arbitrary script code via a crafted request that the user's browser executes within the trust relationship between the browser and the affected device [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious link containing the XSS payload and delivering it to a user who has access to the device's web interface [1]. The target user must click on the crafted link while authenticated to the device [1]. No special network position is required, as the attack can be performed remotely [1].

Impact

Successful exploitation allows the attacker to execute arbitrary HTML and script code in the user's browser within the security context of the device's web interface [1]. This can lead to session hijacking, unauthorized actions, or information disclosure, effectively bypassing authentication restrictions [1].

Mitigation

Moxa has released updated firmware to address this vulnerability: Version 2.8 for the G3100V2 Series and Version 1.7 for the G3111/G3151/G3211/G3251 Series [1]. Users should update to the latest firmware versions as soon as possible [1]. This vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.