Sign-up

ID

VAR-201907-1142


CVE

CVE-2018-11421


TITLE

Moxa OnCell G3100-HSPA Information disclosure vulnerability in the series

Trust: 0.8

sources: JVNDB: JVNDB-2018-015820

DESCRIPTION

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages. Moxa OnCell G3100-HSPA The series contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaOnCellG3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa Corporation of Taiwan, China. A security feature issue vulnerability exists in MoxaOnCellG3100-HSPASeries1.6Build17100315 and earlier. The vulnerability stems from the lack of security measures such as authentication, access control, and rights management in the network system or product. There are currently no detailed details of the vulnerability provided

Trust: 2.25

sources: NVD: CVE-2018-11421 // JVNDB: JVNDB-2018-015820 // CNVD: CNVD-2019-23544 // VULHUB: VHN-121279

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-23544

AFFECTED PRODUCTS

vendor:moxamodel:oncell g3150-hspa-tscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:oncell g3150-hspascope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:oncell g3150-hspascope:lteversion:1.6 build 17100315

Trust: 0.8

vendor:moxamodel:oncell g3150-hspa-tscope:lteversion:1.6 build 17100315

Trust: 0.8

vendor:moxamodel:oncell g3100-hspa buildscope:ltversion:1.617100315

Trust: 0.6

sources: CNVD: CNVD-2019-23544 // JVNDB: JVNDB-2018-015820 // NVD: CVE-2018-11421

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11421
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11421
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-23544
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-159
value: CRITICAL

Trust: 0.6

VULHUB: VHN-121279
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11421
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-23544
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-121279
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11421
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-23544 // VULHUB: VHN-121279 // JVNDB: JVNDB-2018-015820 // CNNVD: CNNVD-201907-159 // NVD: CVE-2018-11421

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-121279 // JVNDB: JVNDB-2018-015820 // NVD: CVE-2018-11421

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-159

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201907-159

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015820

PATCH
title:Top Pageurl:https://www.moxa.com/en/
Trust: 0.8
title:MoxaOnCellG3100-HSPA Security Feature Issue Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/170605
Trust: 0.6
title:Moxa OnCell G3100-HSPA Fixing measures for security feature vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94360
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-23544 // 
            
            
            
            JVNDB: JVNDB-2018-015820 // 
            
            
            
            CNNVD: CNNVD-201907-159

EXTERNAL IDS
db:NVDid:CVE-2018-11421
Trust: 3.1
db:JVNDBid:JVNDB-2018-015820
Trust: 0.8
db:CNVDid:CNVD-2019-23544
Trust: 0.6
db:CNNVDid:CNNVD-201907-159
Trust: 0.6
db:VULHUBid:VHN-121279
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-23544 // 
            
            
            
            VULHUB: VHN-121279 // 
            
            
            
            JVNDB: JVNDB-2018-015820 // 
            
            
            
            CNNVD: CNNVD-201907-159 // 
            
            
            
            NVD: CVE-2018-11421

REFERENCES
url:https://github.com/klsecservices/advisories/blob/master/kl-moxa-2018-103.md
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-11421
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11421
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-23544 // 
            
            
            
            VULHUB: VHN-121279 // 
            
            
            
            JVNDB: JVNDB-2018-015820 // 
            
            
            
            CNNVD: CNNVD-201907-159 // 
            
            
            
            NVD: CVE-2018-11421

SOURCES
db:CNVDid:CNVD-2019-23544
db:VULHUBid:VHN-121279
db:JVNDBid:JVNDB-2018-015820
db:CNNVDid:CNNVD-201907-159
db:NVDid:CVE-2018-11421

LAST UPDATE DATE
2024-11-23T22:51:42.905000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-23544date:2019-07-22T00:00:00
db:VULHUBid:VHN-121279date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-015820date:2019-07-11T00:00:00
db:CNNVDid:CNNVD-201907-159date:2020-08-25T00:00:00
db:NVDid:CVE-2018-11421date:2024-11-21T03:43:19.970

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-23544date:2019-07-22T00:00:00
db:VULHUBid:VHN-121279date:2019-07-03T00:00:00
db:JVNDBid:JVNDB-2018-015820date:2019-07-11T00:00:00
db:CNNVDid:CNNVD-201907-159date:2019-07-03T00:00:00
db:NVDid:CVE-2018-11421date:2019-07-03T16:15:10.397