cvelistv5 - CVE-2018-11421

CVE-2018-11421 (GCVE-0-2018-11421)

Vulnerability from cvelistv5 – Published: 2019-07-03 15:24 – Updated: 2024-08-05 08:10

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://github.com/klsecservices/Advisories/blob/…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:10:14.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-03T15:24:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11421",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md",
              "refsource": "MISC",
              "url": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-11421",
    "datePublished": "2019-07-03T15:24:45",
    "dateReserved": "2018-05-24T00:00:00",
    "dateUpdated": "2024-08-05T08:10:14.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:oncell_g3150-hspa_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6\", \"matchCriteriaId\": \"4EB5A49A-BC65-46F8-937A-59880E0DF816\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:oncell_g3150-hspa:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"818C840B-A1BB-4D67-9B39-7358542FE0A8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:oncell_g3150-hspa-t_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6\", \"matchCriteriaId\": \"710E168D-27E4-47ED-BAD8-241432767E65\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:oncell_g3150-hspa-t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBE7E4C9-CB5E-4DA0-8FFA-CA23A15CBC6A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.\"}, {\"lang\": \"es\", \"value\": \"Moxa OnCell serie G3100-HSPA versi\\u00f3n 1.6 Build 17100315 y anteriores usa un protocolo de monitoreo propietario que no proporciona controles de seguridad de confidencialidad, integridad y autenticidad. Toda la informaci\\u00f3n se env\\u00eda en texto plano, y puede ser interceptada y modificada. El protocolo es vulnerable a la divulgaci\\u00f3n remota no autenticada de informaci\\u00f3n confidencial, incluida la contrase\\u00f1a del administrador. Bajo ciertas condiciones, tambi\\u00e9n es posible recuperar informaci\\u00f3n adicional, como el contenido de las solicitudes HTTP al dispositivo, o la contrase\\u00f1a utilizada anteriormente, debido a fugas de memoria.\"}]",
      "id": "CVE-2018-11421",
      "lastModified": "2024-11-21T03:43:19.970",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-07-03T16:15:10.397",
      "references": "[{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11421\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-03T16:15:10.397\",\"lastModified\":\"2024-11-21T03:43:19.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.\"},{\"lang\":\"es\",\"value\":\"Moxa OnCell serie G3100-HSPA versi\u00f3n 1.6 Build 17100315 y anteriores usa un protocolo de monitoreo propietario que no proporciona controles de seguridad de confidencialidad, integridad y autenticidad. Toda la informaci\u00f3n se env\u00eda en texto plano, y puede ser interceptada y modificada. El protocolo es vulnerable a la divulgaci\u00f3n remota no autenticada de informaci\u00f3n confidencial, incluida la contrase\u00f1a del administrador. Bajo ciertas condiciones, tambi\u00e9n es posible recuperar informaci\u00f3n adicional, como el contenido de las solicitudes HTTP al dispositivo, o la contrase\u00f1a utilizada anteriormente, debido a fugas de memoria.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:oncell_g3150-hspa_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6\",\"matchCriteriaId\":\"4EB5A49A-BC65-46F8-937A-59880E0DF816\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:oncell_g3150-hspa:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"818C840B-A1BB-4D67-9B39-7358542FE0A8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:oncell_g3150-hspa-t_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6\",\"matchCriteriaId\":\"710E168D-27E4-47ED-BAD8-241432767E65\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:oncell_g3150-hspa-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBE7E4C9-CB5E-4DA0-8FFA-CA23A15CBC6A\"}]}]}],\"references\":[{\"url\":\"https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2018-11421

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-11421

Aliases

CVE-2018-11421

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-11421",
    "description": "Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.",
    "id": "GSD-2018-11421"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-11421"
      ],
      "details": "Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.",
      "id": "GSD-2018-11421",
      "modified": "2023-12-13T01:22:42.179019Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-11421",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md",
            "refsource": "MISC",
            "url": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:oncell_g3150-hspa_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:oncell_g3150-hspa:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:oncell_g3150-hspa-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:oncell_g3150-hspa-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11421"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-07-03T16:15Z"
    }
  }
}

GHSA-X8WQ-F592-JCQF

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2022-05-24 16:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-11421"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-03T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.",
  "id": "GHSA-x8wq-f592-jcqf",
  "modified": "2022-05-24T16:49:19Z",
  "published": "2022-05-24T16:49:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11421"
    },
    {
      "type": "WEB",
      "url": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201907-1142

Vulnerability from variot - Updated: 2023-12-18 14:00

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages. Moxa OnCell G3100-HSPA The series contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaOnCellG3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa Corporation of Taiwan, China. A security feature issue vulnerability exists in MoxaOnCellG3100-HSPASeries1.6Build17100315 and earlier. The vulnerability stems from the lack of security measures such as authentication, access control, and rights management in the network system or product. There are currently no detailed details of the vulnerability provided

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1142",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "oncell g3150-hspa-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.6"
      },
      {
        "model": "oncell g3150-hspa",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.6"
      },
      {
        "model": "oncell g3150-hspa",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.6 build 17100315"
      },
      {
        "model": "oncell g3150-hspa-t",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.6 build 17100315"
      },
      {
        "model": "oncell g3100-hspa build",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "1.617100315"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11421"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:oncell_g3150-hspa_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:oncell_g3150-hspa:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:oncell_g3150-hspa-t_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:oncell_g3150-hspa-t:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11421"
      }
    ]
  },
  "cve": "CVE-2018-11421",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-11421",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-23544",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-121279",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-11421",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-11421",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-23544",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-159",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121279",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-159"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages. Moxa OnCell G3100-HSPA The series contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaOnCellG3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa Corporation of Taiwan, China. A security feature issue vulnerability exists in MoxaOnCellG3100-HSPASeries1.6Build17100315 and earlier. The vulnerability stems from the lack of security measures such as authentication, access control, and rights management in the network system or product. There are currently no detailed details of the vulnerability provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121279"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11421",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-159",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-121279",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-159"
      }
    ]
  },
  "id": "VAR-201907-1142",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121279"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:00:52.058000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.moxa.com/en/"
      },
      {
        "title": "MoxaOnCellG3100-HSPA Security Feature Issue Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/170605"
      },
      {
        "title": "Moxa OnCell G3100-HSPA Fixing measures for security feature vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94360"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-159"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-121279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11421"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://github.com/klsecservices/advisories/blob/master/kl-moxa-2018-103.md"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11421"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11421"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-159"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11421"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-159"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "date": "2019-07-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121279"
      },
      {
        "date": "2019-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "date": "2019-07-03T16:15:10.397000",
        "db": "NVD",
        "id": "CVE-2018-11421"
      },
      {
        "date": "2019-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-159"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-23544"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121279"
      },
      {
        "date": "2019-07-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2018-11421"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-159"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-159"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa OnCell G3100-HSPA Information disclosure vulnerability in the series",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015820"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-159"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2020-AVI-088

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Moxa OnCell. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). A noter que les CVE-2018-11421 et CVE-2018-11422 requièrent des mesures additionnelles.

None

Impacted products

	Vendor	Product	Description
	Moxa	N/A	micrologociel OnCell G3100-HSPA Series versions antérieures à 1.8
	Moxa	N/A	micrologiciel OnCell G3470A-LTE Series versions antérieures à 1.7

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa du 13 février 2020	None	vendor-advisory
Bulletin de sécurité Moxa du 13 février 2020	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "micrologociel OnCell G3100-HSPA Series versions ant\u00e9rieures \u00e0 1.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel OnCell G3470A-LTE Series versions ant\u00e9rieures \u00e0 1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). A noter que les CVE-2018-11421\net CVE-2018-11422 requi\u00e8rent des mesures additionnelles.\n",
  "cves": [
    {
      "name": "CVE-2018-11424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11424"
    },
    {
      "name": "CVE-2018-11420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11420"
    },
    {
      "name": "CVE-2018-11427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11427"
    },
    {
      "name": "CVE-2018-11421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11421"
    },
    {
      "name": "CVE-2018-11426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11426"
    },
    {
      "name": "CVE-2018-11423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11423"
    },
    {
      "name": "CVE-2018-11422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11422"
    },
    {
      "name": "CVE-2018-11425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11425"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa du 13 f\u00e9vrier 2020",
      "url": "https://www.moxa.com/en/support/support/security-advisory/oncell-g3100-hspa-oncell-g3470a-lte-cellular-gateway-vulnerabilities"
    }
  ],
  "reference": "CERTFR-2020-AVI-088",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moxa OnCell.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa OnCell",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa du 13 f\u00e9vrier 2020",
      "url": null
    }
  ]
}

CERTFR-2020-AVI-088

Vulnerability from certfr_avis - Published: - Updated:

Solution

None

Impacted products

	Vendor	Product	Description
	Moxa	N/A	micrologociel OnCell G3100-HSPA Series versions antérieures à 1.8
	Moxa	N/A	micrologiciel OnCell G3470A-LTE Series versions antérieures à 1.7

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa du 13 février 2020	None	vendor-advisory
Bulletin de sécurité Moxa du 13 février 2020	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "micrologociel OnCell G3100-HSPA Series versions ant\u00e9rieures \u00e0 1.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel OnCell G3470A-LTE Series versions ant\u00e9rieures \u00e0 1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). A noter que les CVE-2018-11421\net CVE-2018-11422 requi\u00e8rent des mesures additionnelles.\n",
  "cves": [
    {
      "name": "CVE-2018-11424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11424"
    },
    {
      "name": "CVE-2018-11420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11420"
    },
    {
      "name": "CVE-2018-11427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11427"
    },
    {
      "name": "CVE-2018-11421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11421"
    },
    {
      "name": "CVE-2018-11426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11426"
    },
    {
      "name": "CVE-2018-11423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11423"
    },
    {
      "name": "CVE-2018-11422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11422"
    },
    {
      "name": "CVE-2018-11425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11425"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa du 13 f\u00e9vrier 2020",
      "url": "https://www.moxa.com/en/support/support/security-advisory/oncell-g3100-hspa-oncell-g3470a-lte-cellular-gateway-vulnerabilities"
    }
  ],
  "reference": "CERTFR-2020-AVI-088",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moxa OnCell.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa OnCell",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa du 13 f\u00e9vrier 2020",
      "url": null
    }
  ]
}

FKIE_CVE-2018-11421

Vulnerability from fkie_nvd - Published: 2019-07-03 16:15 - Updated: 2024-11-21 03:43

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cve@mitre.org	https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md	Third Party Advisory

Impacted products

Vendor	Product	Version
moxa	oncell_g3150-hspa_firmware	*
moxa	oncell_g3150-hspa	-
moxa	oncell_g3150-hspa-t_firmware	*
moxa	oncell_g3150-hspa-t	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:oncell_g3150-hspa_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB5A49A-BC65-46F8-937A-59880E0DF816",
              "versionEndIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:oncell_g3150-hspa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "818C840B-A1BB-4D67-9B39-7358542FE0A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:oncell_g3150-hspa-t_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "710E168D-27E4-47ED-BAD8-241432767E65",
              "versionEndIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:oncell_g3150-hspa-t:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBE7E4C9-CB5E-4DA0-8FFA-CA23A15CBC6A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator\u0027s password. Under certain conditions, it\u0027s also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages."
    },
    {
      "lang": "es",
      "value": "Moxa OnCell serie G3100-HSPA versi\u00f3n 1.6 Build 17100315 y anteriores usa un protocolo de monitoreo propietario que no proporciona controles de seguridad de confidencialidad, integridad y autenticidad. Toda la informaci\u00f3n se env\u00eda en texto plano, y puede ser interceptada y modificada. El protocolo es vulnerable a la divulgaci\u00f3n remota no autenticada de informaci\u00f3n confidencial, incluida la contrase\u00f1a del administrador. Bajo ciertas condiciones, tambi\u00e9n es posible recuperar informaci\u00f3n adicional, como el contenido de las solicitudes HTTP al dispositivo, o la contrase\u00f1a utilizada anteriormente, debido a fugas de memoria."
    }
  ],
  "id": "CVE-2018-11421",
  "lastModified": "2024-11-21T03:43:19.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-03T16:15:10.397",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-23544

Vulnerability from cnvd - Published: 2019-07-22

Title

Moxa OnCell G3100-HSPA安全特征问题漏洞

Description

Moxa OnCell G3100-HSPA是中国台湾摩莎（Moxa）公司的一款G3100-HSPA系列蜂窝网络网关设备。 Moxa OnCell G3100-HSPA Series 1.6 Build 17100315及之前版本中存在安全特征问题漏洞。该漏洞是源于网络系统或产品中缺少身份验证、访问控制、权限管理等安全措施。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Moxa OnCell G3100-HSPA安全特征问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.moxa.com/

Reference

https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md

Impacted products

Name
Moxa Moxa OnCell G3100-HSPA <1.6 Build 17100315

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11421",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2018-11421"
    }
  },
  "description": "Moxa OnCell G3100-HSPA\u662f\u4e2d\u56fd\u53f0\u6e7e\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u7684\u4e00\u6b3eG3100-HSPA\u7cfb\u5217\u8702\u7a9d\u7f51\u7edc\u7f51\u5173\u8bbe\u5907\u3002\n\nMoxa OnCell G3100-HSPA Series 1.6 Build 17100315\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u3001\u8bbf\u95ee\u63a7\u5236\u3001\u6743\u9650\u7ba1\u7406\u7b49\u5b89\u5168\u63aa\u65bd\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "discovererName": "klsecurityservices",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.moxa.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-23544",
  "openTime": "2019-07-22",
  "patchDescription": "Moxa OnCell G3100-HSPA\u662f\u4e2d\u56fd\u53f0\u6e7e\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u7684\u4e00\u6b3eG3100-HSPA\u7cfb\u5217\u8702\u7a9d\u7f51\u7edc\u7f51\u5173\u8bbe\u5907\u3002\r\n\r\nMoxa OnCell G3100-HSPA Series 1.6 Build 17100315\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u3001\u8bbf\u95ee\u63a7\u5236\u3001\u6743\u9650\u7ba1\u7406\u7b49\u5b89\u5168\u63aa\u65bd\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moxa OnCell G3100-HSPA\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Moxa Moxa OnCell G3100-HSPA \u003c1.6 Build 17100315"
  },
  "referenceLink": "https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-103.md",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-09",
  "title": "Moxa OnCell G3100-HSPA\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-11421 (GCVE-0-2018-11421)

GSD-2018-11421

GHSA-X8WQ-F592-JCQF

VAR-201907-1142

CERTFR-2020-AVI-088

Solution

CERTFR-2020-AVI-088

Solution

FKIE_CVE-2018-11421

CNVD-2019-23544

Tags

Sightings

Nomenclature