Sign-up

ID

VAR-201705-3761


CVE

CVE-2017-7917


TITLE

plural Moxa OnCell Product cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004593

DESCRIPTION

A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device. plural Moxa OnCell The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaOnCellG3110-HSPA is a product of China's Moxa Corporation. The OnCellG3110-HSPA is an industrial-grade IP gateway. The OnCell5104-HSPA is an industrial-grade cellular router. A cross-site request forgery vulnerability exists in several Moxa products due to insufficient verification requests from the program. Moxa OnCell series products are prone to multiple security vulnerabilities. Attackers may exploit these issues to bypass authentication mechanism and gain unauthorized access, to gain sensitive information and perform certain unauthorized actions in the context of the affected application. Other attacks are also possible

Trust: 2.52

sources: NVD: CVE-2017-7917 // JVNDB: JVNDB-2017-004593 // CNVD: CNVD-2017-09878 // BID: 98626 // VULHUB: VHN-116120

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-09878

AFFECTED PRODUCTS

vendor:moxamodel:oncell 5004-hspascope: - version: -

Trust: 1.4

vendor:moxamodel:oncell 5104-hspascope: - version: -

Trust: 1.4

vendor:moxamodel:oncell 5104-hsdpascope: - version: -

Trust: 1.4

vendor:moxamodel:oncell g3110-hspascope:lteversion:1.3

Trust: 1.0

vendor:moxamodel:oncell g3110-hsdpascope:lteversion:1.2

Trust: 1.0

vendor:moxamodel:oncell g3150-hsdpascope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:oncell 5004-hspascope:lteversion: -

Trust: 1.0

vendor:moxamodel:oncell 5104-hspascope:lteversion: -

Trust: 1.0

vendor:moxamodel:oncell 5104-hsdpascope:lteversion: -

Trust: 1.0

vendor:moxamodel:oncell g3110-hsdpascope:lteversion:1.2 build 09123015

Trust: 0.8

vendor:moxamodel:oncell g3110-hspascope:lteversion:1.3 build 15082117

Trust: 0.8

vendor:moxamodel:oncell g3150-hsdpascope:lteversion:1.4 build 11051315

Trust: 0.8

vendor:moxamodel:oncell g3150-hsdpa buildscope:lteversion:<=1.411051315

Trust: 0.6

vendor:moxamodel:oncell g3110-hsdpa buildscope:lteversion:<=1.209123015

Trust: 0.6

vendor:moxamodel:oncell g3110-hspa buildscope:lteversion:<=1.315082117

Trust: 0.6

vendor:moxamodel:oncell 5104-hsdpascope:eqversion: -

Trust: 0.6

vendor:moxamodel:oncell g3150-hsdpascope:eqversion:1.4

Trust: 0.6

vendor:moxamodel:oncell 5004-hspascope:eqversion: -

Trust: 0.6

vendor:moxamodel:oncell g3110-hsdpascope:eqversion:1.2

Trust: 0.6

vendor:moxamodel:oncell g3110-hspascope:eqversion:1.3

Trust: 0.6

vendor:moxamodel:oncell 5104-hspascope:eqversion: -

Trust: 0.6

vendor:moxamodel:oncell g3150-hsdpa buildscope:eqversion:1.411051315

Trust: 0.3

vendor:moxamodel:oncell g3110-hspa buildscope:eqversion:1.315082117

Trust: 0.3

vendor:moxamodel:oncell g3110-hsdpa buildscope:eqversion:1.209123015

Trust: 0.3

vendor:moxamodel:oncell 5104-hspascope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell 5104-hsdpascope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell 5004-hspascope:eqversion:0

Trust: 0.3

vendor:moxamodel:oncell g3110-hspascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:oncell 5104-hspascope:neversion:1.4

Trust: 0.3

vendor:moxamodel:oncell 5004-hspascope:neversion:1.4

Trust: 0.3

sources: CNVD: CNVD-2017-09878 // BID: 98626 // JVNDB: JVNDB-2017-004593 // CNNVD: CNNVD-201705-1239 // NVD: CVE-2017-7917

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7917
value: HIGH

Trust: 1.0

NVD: CVE-2017-7917
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-09878
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-1239
value: HIGH

Trust: 0.6

VULHUB: VHN-116120
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7917
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-09878
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116120
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7917
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-09878 // VULHUB: VHN-116120 // JVNDB: JVNDB-2017-004593 // CNNVD: CNNVD-201705-1239 // NVD: CVE-2017-7917

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-116120 // JVNDB: JVNDB-2017-004593 // NVD: CVE-2017-7917

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1239

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201705-1239

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004593

PATCH
title:OnCell G3110/G3150-HSPAurl:http://japan.moxa.com/product/OnCell_G3110_G3150-HSPA.htm
Trust: 0.8
title:OnCell 5004/OnCell 5104-HSPAurl:http://japan.moxa.com/product/OnCell_5004_5104-HSPA.htm
Trust: 0.8
title:Patches for cross-site request forgery vulnerabilities in several Moxa productsurl:https://www.cnvd.org.cn/patchInfo/show/95501
Trust: 0.6
title:Repair measures for multiple Moss products cross-site request forgery vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70581
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-09878 // 
            
            
            
            JVNDB: JVNDB-2017-004593 // 
            
            
            
            CNNVD: CNNVD-201705-1239

EXTERNAL IDS
db:ICS CERTid:ICSA-17-143-01
Trust: 3.4
db:NVDid:CVE-2017-7917
Trust: 3.4
db:BIDid:98626
Trust: 0.9
db:JVNDBid:JVNDB-2017-004593
Trust: 0.8
db:CNNVDid:CNNVD-201705-1239
Trust: 0.7
db:CNVDid:CNVD-2017-09878
Trust: 0.6
db:VULHUBid:VHN-116120
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-09878 // 
            
            
            
            VULHUB: VHN-116120 // 
            
            
            
            BID: 98626 // 
            
            
            
            JVNDB: JVNDB-2017-004593 // 
            
            
            
            CNNVD: CNNVD-201705-1239 // 
            
            
            
            NVD: CVE-2017-7917

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-143-01
Trust: 3.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7917
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7917
Trust: 0.8
url:http://www.securityfocus.com/bid/98626
Trust: 0.6
url:http://www.moxa.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-09878 // 
            
            
            
            VULHUB: VHN-116120 // 
            
            
            
            BID: 98626 // 
            
            
            
            JVNDB: JVNDB-2017-004593 // 
            
            
            
            CNNVD: CNNVD-201705-1239 // 
            
            
            
            NVD: CVE-2017-7917

CREDITS
Maxim Rupp
Trust: 0.9
sources:
            
            
            BID: 98626 // 
            
            
            
            CNNVD: CNNVD-201705-1239

SOURCES
db:CNVDid:CNVD-2017-09878
db:VULHUBid:VHN-116120
db:BIDid:98626
db:JVNDBid:JVNDB-2017-004593
db:CNNVDid:CNNVD-201705-1239
db:NVDid:CVE-2017-7917

LAST UPDATE DATE
2025-04-20T23:13:06.981000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-09878date:2017-06-16T00:00:00
db:VULHUBid:VHN-116120date:2019-10-09T00:00:00
db:BIDid:98626date:2017-05-23T00:00:00
db:JVNDBid:JVNDB-2017-004593date:2017-06-29T00:00:00
db:CNNVDid:CNNVD-201705-1239date:2019-10-17T00:00:00
db:NVDid:CVE-2017-7917date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-09878date:2017-06-16T00:00:00
db:VULHUBid:VHN-116120date:2017-05-29T00:00:00
db:BIDid:98626date:2017-05-23T00:00:00
db:JVNDBid:JVNDB-2017-004593date:2017-06-29T00:00:00
db:CNNVDid:CNNVD-201705-1239date:2017-05-23T00:00:00
db:NVDid:CVE-2017-7917date:2017-05-29T16:29:00.240