Sign-up

ID

VAR-201705-3760


CVE

CVE-2017-7915


TITLE

plural Moxa OnCell Vulnerabilities related to security functions in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-004592

DESCRIPTION

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication. plural Moxa OnCell The product contains vulnerabilities related to security functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaOnCellG3110-HSPA is a product of China's Moxa Corporation. The OnCellG3110-HSPA is an industrial-grade IP gateway. The OnCell5104-HSPA is an industrial-grade cellular router. A number of Moxa products have brute force exploits. Attackers may exploit these issues to bypass authentication mechanism and gain unauthorized access, to gain sensitive information and perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. The following products and versions are affected: Mosa OnCell G3110-HSPA 1.3 build 15082117 and earlier; OnCell G3110-HSDPA 1.2 Build 09123015 and earlier; OnCell G3150-HSDPA 1.4 Build 11051315 and earlier; OnCell 5104-HSDPA; OnCell 5104-HSPA; OnCell 5004-HSPA

Trust: 2.52

sources: NVD: CVE-2017-7915 // JVNDB: JVNDB-2017-004592 // CNVD: CNVD-2017-09880 // BID: 98626 // VULHUB: VHN-116118

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-09880

AFFECTED PRODUCTS

vendor:moxamodel:oncell 5004-hspascope: - version: -

Trust: 1.4

vendor:moxamodel:oncell 5104-hspascope: - version: -

Trust: 1.4

vendor:moxamodel:oncell 5104-hsdpascope: - version: -

Trust: 1.4

vendor:moxamodel:oncell g3110-hspascope:lteversion:1.3

Trust: 1.0

vendor:moxamodel:oncell g3110-hsdpascope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:oncell g3150-hsdpascope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:oncell 5004-hspascope:lteversion: -

Trust: 1.0

vendor:moxamodel:oncell 5104-hspascope:lteversion: -

Trust: 1.0

vendor:moxamodel:oncell 5104-hsdpascope:lteversion: -

Trust: 1.0

vendor:moxamodel:oncell g3110-hsdpascope:lteversion:1.2 build 09123015

Trust: 0.8

vendor:moxamodel:oncell g3110-hspascope:lteversion:1.3 build 15082117

Trust: 0.8

vendor:moxamodel:oncell g3150-hsdpascope:lteversion:1.4 build 11051315

Trust: 0.8

vendor:moxamodel:oncell g3150-hsdpa buildscope:lteversion:<=1.411051315

Trust: 0.6

vendor:moxamodel:oncell g3110-hsdpa buildscope:lteversion:<=1.209123015

Trust: 0.6

vendor:moxamodel:oncell g3110-hspa buildscope:lteversion:<=1.315082117

Trust: 0.6

vendor:moxamodel:oncell 5104-hsdpascope:eqversion: -

Trust: 0.6

vendor:moxamodel:oncell g3150-hsdpascope:eqversion:1.4

Trust: 0.6

vendor:moxamodel:oncell 5004-hspascope:eqversion: -

Trust: 0.6

vendor:moxamodel:oncell g3110-hsdpascope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:oncell g3110-hspascope:eqversion:1.3

Trust: 0.6

vendor:moxamodel:oncell 5104-hspascope:eqversion: -

Trust: 0.6

vendor:moxamodel:oncell g3150-hsdpa buildscope:eqversion:1.411051315

Trust: 0.3

vendor:moxamodel:oncell g3110-hspa buildscope:eqversion:1.315082117

Trust: 0.3

vendor:moxamodel:oncell g3110-hsdpa buildscope:eqversion:1.209123015

Trust: 0.3

vendor:moxamodel:oncell 5104-hspascope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell 5104-hsdpascope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell 5004-hspascope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell g3110-hspascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:oncell 5104-hspascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:oncell 5004-hspascope:neversion:1.4

Trust: 0.3

sources: CNVD: CNVD-2017-09880 // BID: 98626 // JVNDB: JVNDB-2017-004592 // CNNVD: CNNVD-201705-1237 // NVD: CVE-2017-7915

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7915
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7915
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-09880
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201705-1237
value: CRITICAL

Trust: 0.6

VULHUB: VHN-116118
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7915
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-09880
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116118
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7915
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-09880 // VULHUB: VHN-116118 // JVNDB: JVNDB-2017-004592 // CNNVD: CNNVD-201705-1237 // NVD: CVE-2017-7915

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.1

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-116118 // JVNDB: JVNDB-2017-004592 // NVD: CVE-2017-7915

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1237

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-1237

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004592

PATCH
title:OnCell G3110/G3150-HSPAurl:http://japan.moxa.com/product/OnCell_G3110_G3150-HSPA.htm
Trust: 0.8
title:OnCell 5004/OnCell 5104-HSPAurl:http://japan.moxa.com/product/OnCell_5004_5104-HSPA.htm
Trust: 0.8
title:Patches for violent cracking vulnerabilities in several Moxa productsurl:https://www.cnvd.org.cn/patchInfo/show/95503
Trust: 0.6
title:Various Moss product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70579
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-09880 // 
            
            
            
            JVNDB: JVNDB-2017-004592 // 
            
            
            
            CNNVD: CNNVD-201705-1237

EXTERNAL IDS
db:NVDid:CVE-2017-7915
Trust: 3.4
db:ICS CERTid:ICSA-17-143-01
Trust: 3.4
db:BIDid:98626
Trust: 0.9
db:JVNDBid:JVNDB-2017-004592
Trust: 0.8
db:CNNVDid:CNNVD-201705-1237
Trust: 0.7
db:CNVDid:CNVD-2017-09880
Trust: 0.6
db:VULHUBid:VHN-116118
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-09880 // 
            
            
            
            VULHUB: VHN-116118 // 
            
            
            
            BID: 98626 // 
            
            
            
            JVNDB: JVNDB-2017-004592 // 
            
            
            
            CNNVD: CNNVD-201705-1237 // 
            
            
            
            NVD: CVE-2017-7915

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-143-01
Trust: 3.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7915
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7915
Trust: 0.8
url:http://www.securityfocus.com/bid/98626
Trust: 0.6
url:http://www.moxa.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-09880 // 
            
            
            
            VULHUB: VHN-116118 // 
            
            
            
            BID: 98626 // 
            
            
            
            JVNDB: JVNDB-2017-004592 // 
            
            
            
            CNNVD: CNNVD-201705-1237 // 
            
            
            
            NVD: CVE-2017-7915

CREDITS
Maxim Rupp
Trust: 0.9
sources:
            
            
            BID: 98626 // 
            
            
            
            CNNVD: CNNVD-201705-1237

SOURCES
db:CNVDid:CNVD-2017-09880
db:VULHUBid:VHN-116118
db:BIDid:98626
db:JVNDBid:JVNDB-2017-004592
db:CNNVDid:CNNVD-201705-1237
db:NVDid:CVE-2017-7915

LAST UPDATE DATE
2025-04-20T23:13:06.907000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-09880date:2017-06-16T00:00:00
db:VULHUBid:VHN-116118date:2019-10-09T00:00:00
db:BIDid:98626date:2017-05-23T00:00:00
db:JVNDBid:JVNDB-2017-004592date:2017-06-29T00:00:00
db:CNNVDid:CNNVD-201705-1237date:2019-10-17T00:00:00
db:NVDid:CVE-2017-7915date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-09880date:2017-06-16T00:00:00
db:VULHUBid:VHN-116118date:2017-05-29T00:00:00
db:BIDid:98626date:2017-05-23T00:00:00
db:JVNDBid:JVNDB-2017-004592date:2017-06-29T00:00:00
db:CNNVDid:CNNVD-201705-1237date:2017-05-23T00:00:00
db:NVDid:CVE-2017-7915date:2017-05-29T16:29:00.210