ID

VAR-201907-1147


CVE

CVE-2018-11426


TITLE

Authentication vulnerability in the Moxa OnCell G3100-HSPA series

Trust: 0.8

sources: JVNDB: JVNDB-2018-015818

DESCRIPTION

A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change. The Moxa OnCell G3100-HSPA series contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa Corporation of Taiwan, China. A security vulnerability exists in Moxa OnCell G3100-HSPA 1.4 Build 16062919 and earlier

Trust: 2.34

sources: NVD: CVE-2018-11426 // JVNDB: JVNDB-2018-015818 // CNVD: CNVD-2019-23541 // VULHUB: VHN-121284 // VULMON: CVE-2018-11426

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-23541

AFFECTED PRODUCTS

vendor: moxa, model: oncell g3150-hspa-t, scope: lte, version: 1.4

Trust: 1.0

vendor: moxa, model: oncell g3150-hspa, scope: lte, version: 1.4

Trust: 1.0

vendor: moxa, model: oncell g3150-hspa, scope: lte, version: 1.4 build 16062919

Trust: 0.8

vendor: moxa, model: oncell g3150-hspa-t, scope: lte, version: 1.4 build 16062919

Trust: 0.8

vendor: moxa, model: oncell g3100-hspa build, scope: lt, version: 1.416062919

Trust: 0.6

sources: CNVD: CNVD-2019-23541 // JVNDB: JVNDB-2018-015818 // NVD: CVE-2018-11426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11426
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11426
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-23541
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-146
value: CRITICAL

Trust: 0.6

VULHUB: VHN-121284
value: HIGH

Trust: 0.1

VULMON: CVE-2018-11426
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11426
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-23541
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-121284
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11426
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-23541 // VULHUB: VHN-121284 // VULMON: CVE-2018-11426 // JVNDB: JVNDB-2018-015818 // CNNVD: CNNVD-201907-146 // NVD: CVE-2018-11426

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-121284 // JVNDB: JVNDB-2018-015818 // NVD: CVE-2018-11426

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-146

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201907-146

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015818

PATCH

title: Top Page, url: https://www.moxa.com/en/

Trust: 0.8

title: Moxa OnCell G3100-HSPA security bypass vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/169913

Trust: 0.6

title: Moxa OnCell G3100-HSPA Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94348

Trust: 0.6

sources: CNVD: CNVD-2019-23541 // JVNDB: JVNDB-2018-015818 // CNNVD: CNNVD-201907-146

EXTERNAL IDS

db: NVD, id: CVE-2018-11426

Trust: 3.2

db: JVNDB, id: JVNDB-2018-015818

Trust: 0.8

db: CNNVD, id: CNNVD-201907-146

Trust: 0.7

db: CNVD, id: CNVD-2019-23541

Trust: 0.6

db: VULHUB, id: VHN-121284

Trust: 0.1

db: VULMON, id: CVE-2018-11426

Trust: 0.1

sources: CNVD: CNVD-2019-23541 // VULHUB: VHN-121284 // VULMON: CVE-2018-11426 // JVNDB: JVNDB-2018-015818 // CNNVD: CNNVD-201907-146 // NVD: CVE-2018-11426

REFERENCES

url:https://github.com/klsecservices/advisories/blob/master/kl-moxa-2018-105.md

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-11426

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11426

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-23541 // VULHUB: VHN-121284 // VULMON: CVE-2018-11426 // JVNDB: JVNDB-2018-015818 // CNNVD: CNNVD-201907-146 // NVD: CVE-2018-11426

SOURCES

db: CNVD, id: CNVD-2019-23541
db: VULHUB, id: VHN-121284
db: VULMON, id: CVE-2018-11426
db: JVNDB, id: JVNDB-2018-015818
db: CNNVD, id: CNNVD-201907-146
db: NVD, id: CVE-2018-11426

LAST UPDATE DATE

2024-11-23T22:58:37.857000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-23541, date: 2019-07-22T00:00:00
db: VULHUB, id: VHN-121284, date: 2019-07-10T00:00:00
db: VULMON, id: CVE-2018-11426, date: 2019-07-10T00:00:00
db: JVNDB, id: JVNDB-2018-015818, date: 2019-07-11T00:00:00
db: CNNVD, id: CNNVD-201907-146, date: 2019-07-11T00:00:00
db: NVD, id: CVE-2018-11426, date: 2024-11-21T03:43:20.697

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-23541, date: 2019-07-22T00:00:00
db: VULHUB, id: VHN-121284, date: 2019-07-03T00:00:00
db: VULMON, id: CVE-2018-11426, date: 2019-07-03T00:00:00
db: JVNDB, id: JVNDB-2018-015818, date: 2019-07-11T00:00:00
db: CNNVD, id: CNNVD-201907-146, date: 2019-07-03T00:00:00
db: NVD, id: CVE-2018-11426, date: 2019-07-03T15:15:10.537