Sign-up

ID

VAR-201907-1143


CVE

CVE-2018-11422


TITLE

Moxa OnCell G3100-HSPA Series access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015821

DESCRIPTION

Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication. Moxa OnCell G3100-HSPA The series contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaOnCellG3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa Corporation of Taiwan, China. A security feature issue vulnerability exists in MoxaOnCellG3100-HSPA1.6Build17100315 and earlier. The vulnerability stems from the lack of security measures such as authentication, access control, and rights management in the network system or product. There are currently no detailed details of the vulnerability provided

Trust: 2.25

sources: NVD: CVE-2018-11422 // JVNDB: JVNDB-2018-015821 // CNVD: CNVD-2019-23542 // VULHUB: VHN-121280

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-23542

AFFECTED PRODUCTS

vendor:moxamodel:oncell g3150-hspa-tscope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:oncell g3150-hspascope:lteversion:1.6

Trust: 1.0

vendor:moxamodel:oncell g3150-hspascope:lteversion:1.6 build 17100315

Trust: 0.8

vendor:moxamodel:oncell g3150-hspa-tscope:lteversion:1.6 build 17100315

Trust: 0.8

vendor:moxamodel:oncell g3100-hspa buildscope:ltversion:1.617100315

Trust: 0.6

sources: CNVD: CNVD-2019-23542 // JVNDB: JVNDB-2018-015821 // NVD: CVE-2018-11422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11422
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11422
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-23542
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-157
value: CRITICAL

Trust: 0.6

VULHUB: VHN-121280
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11422
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-23542
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-121280
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11422
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-23542 // VULHUB: VHN-121280 // JVNDB: JVNDB-2018-015821 // CNNVD: CNNVD-201907-157 // NVD: CVE-2018-11422

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-121280 // JVNDB: JVNDB-2018-015821 // NVD: CVE-2018-11422

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-157

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201907-157

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015821

PATCH
title:Top Pageurl:https://www.moxa.com/en/
Trust: 0.8
title:Patch for MoxaOnCellG3100-HSPA Security Feature Issue Vulnerability (CNVD-2019-23542)url:https://www.cnvd.org.cn/patchInfo/show/169919
Trust: 0.6
title:Moxa OnCell G3100-HSPA Fixing measures for security feature vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94358
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-23542 // 
            
            
            
            JVNDB: JVNDB-2018-015821 // 
            
            
            
            CNNVD: CNNVD-201907-157

EXTERNAL IDS
db:NVDid:CVE-2018-11422
Trust: 3.1
db:JVNDBid:JVNDB-2018-015821
Trust: 0.8
db:CNNVDid:CNNVD-201907-157
Trust: 0.7
db:CNVDid:CNVD-2019-23542
Trust: 0.6
db:VULHUBid:VHN-121280
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-23542 // 
            
            
            
            VULHUB: VHN-121280 // 
            
            
            
            JVNDB: JVNDB-2018-015821 // 
            
            
            
            CNNVD: CNNVD-201907-157 // 
            
            
            
            NVD: CVE-2018-11422

REFERENCES
url:https://github.com/klsecservices/advisories/blob/master/kl-moxa-2018-104.md
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-11422
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11422
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-23542 // 
            
            
            
            VULHUB: VHN-121280 // 
            
            
            
            JVNDB: JVNDB-2018-015821 // 
            
            
            
            CNNVD: CNNVD-201907-157 // 
            
            
            
            NVD: CVE-2018-11422

SOURCES
db:CNVDid:CNVD-2019-23542
db:VULHUBid:VHN-121280
db:JVNDBid:JVNDB-2018-015821
db:CNNVDid:CNNVD-201907-157
db:NVDid:CVE-2018-11422

LAST UPDATE DATE
2024-11-23T22:21:34.216000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-23542date:2019-07-22T00:00:00
db:VULHUBid:VHN-121280date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-015821date:2019-07-11T00:00:00
db:CNNVDid:CNNVD-201907-157date:2020-08-25T00:00:00
db:NVDid:CVE-2018-11422date:2024-11-21T03:43:20.117

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-23542date:2019-07-22T00:00:00
db:VULHUBid:VHN-121280date:2019-07-03T00:00:00
db:JVNDBid:JVNDB-2018-015821date:2019-07-11T00:00:00
db:CNNVDid:CNNVD-201907-157date:2019-07-03T00:00:00
db:NVDid:CVE-2018-11422date:2019-07-03T16:15:10.477