VYPR

OnCell G3100-HSPA Series

by Moxa

CVEs (9)

  • CVE-2018-5455CriMar 5, 2018
    risk 0.64cvss 9.8epss 0.02

    A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack…

  • CVE-2018-5453HigMar 5, 2018
    risk 0.49cvss 7.5epss 0.01

    An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.

  • CVE-2018-5449MedMar 5, 2018
    risk 0.42cvss 6.5epss 0.00

    A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.

  • CVE-2018-11420Jul 3, 2019
    risk 0.00cvss epss 0.02

    There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.

  • CVE-2018-11421Jul 3, 2019
    risk 0.00cvss epss 0.01

    Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol…

  • CVE-2018-11422Jul 3, 2019
    risk 0.00cvss epss 0.01

    Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any…

  • CVE-2018-11423Jul 3, 2019
    risk 0.00cvss epss 0.01

    There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.

  • CVE-2018-11426Jul 3, 2019
    risk 0.00cvss epss 0.02

    A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.

  • CVE-2018-11427Jul 3, 2019
    risk 0.00cvss epss 0.01

    CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.