Sign-up

ID

VAR-201907-1148


CVE

CVE-2018-11427


TITLE

Moxa OnCell G3100-HSPA Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-21428 // CNNVD: CNNVD-201907-148

DESCRIPTION

CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. Moxa OnCell G3100-HSPA The series contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa Corporation of Taiwan, China. This vulnerability stems from the fact that the WEB application does not fully verify that the request is from a trusted user. An attacker could exploit the vulnerability to send an unexpected request to the server through an affected client

Trust: 2.34

sources: NVD: CVE-2018-11427 // JVNDB: JVNDB-2018-015814 // CNVD: CNVD-2019-21428 // VULHUB: VHN-121285 // VULMON: CVE-2018-11427

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-21428

AFFECTED PRODUCTS

vendor:moxamodel:oncell g3150-hspa-tscope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:oncell g3150-hspascope:lteversion:1.4

Trust: 1.0

vendor:moxamodel:oncell g3150-hspascope: - version: -

Trust: 0.8

vendor:moxamodel:oncell g3150-hspa-tscope: - version: -

Trust: 0.8

vendor:moxamodel:oncell g3100-hspa buildscope:lteversion:<=1.416062919

Trust: 0.6

sources: CNVD: CNVD-2019-21428 // JVNDB: JVNDB-2018-015814 // NVD: CVE-2018-11427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11427
value: HIGH

Trust: 1.0

NVD: CVE-2018-11427
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-21428
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-148
value: HIGH

Trust: 0.6

VULHUB: VHN-121285
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-11427
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11427
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-21428
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-121285
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11427
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-21428 // VULHUB: VHN-121285 // VULMON: CVE-2018-11427 // JVNDB: JVNDB-2018-015814 // CNNVD: CNNVD-201907-148 // NVD: CVE-2018-11427

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-121285 // JVNDB: JVNDB-2018-015814 // NVD: CVE-2018-11427

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-148

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201907-148

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015814

PATCH
title:OnCell G3100-HSPA Seriesurl:https://www.moxa.com/en/products/industrial-network-infrastructure/cellular-gateways-routers-modems/cellular-gateways/oncell-g3100-hspa-series
Trust: 0.8
title:Patch for Moxa OnCell G3100-HSPA Cross-Site Request Forgery Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/167237
Trust: 0.6
title:Moxa OnCell G3100-HSPA Fixes for cross-site request forgery vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94350
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-21428 // 
            
            
            
            JVNDB: JVNDB-2018-015814 // 
            
            
            
            CNNVD: CNNVD-201907-148

EXTERNAL IDS
db:NVDid:CVE-2018-11427
Trust: 3.2
db:JVNDBid:JVNDB-2018-015814
Trust: 0.8
db:CNNVDid:CNNVD-201907-148
Trust: 0.7
db:CNVDid:CNVD-2019-21428
Trust: 0.6
db:VULHUBid:VHN-121285
Trust: 0.1
db:VULMONid:CVE-2018-11427
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-21428 // 
            
            
            
            VULHUB: VHN-121285 // 
            
            
            
            VULMON: CVE-2018-11427 // 
            
            
            
            JVNDB: JVNDB-2018-015814 // 
            
            
            
            CNNVD: CNNVD-201907-148 // 
            
            
            
            NVD: CVE-2018-11427

REFERENCES
url:https://github.com/klsecservices/advisories/blob/master/kl-moxa-2018-106.md
Trust: 3.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-11427
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11427
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/352.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-21428 // 
            
            
            
            VULHUB: VHN-121285 // 
            
            
            
            VULMON: CVE-2018-11427 // 
            
            
            
            JVNDB: JVNDB-2018-015814 // 
            
            
            
            CNNVD: CNNVD-201907-148 // 
            
            
            
            NVD: CVE-2018-11427

SOURCES
db:CNVDid:CNVD-2019-21428
db:VULHUBid:VHN-121285
db:VULMONid:CVE-2018-11427
db:JVNDBid:JVNDB-2018-015814
db:CNNVDid:CNNVD-201907-148
db:NVDid:CVE-2018-11427

LAST UPDATE DATE
2024-11-23T23:08:18.649000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-21428date:2019-07-08T00:00:00
db:VULHUBid:VHN-121285date:2019-07-10T00:00:00
db:VULMONid:CVE-2018-11427date:2019-07-10T00:00:00
db:JVNDBid:JVNDB-2018-015814date:2019-07-10T00:00:00
db:CNNVDid:CNNVD-201907-148date:2019-07-10T00:00:00
db:NVDid:CVE-2018-11427date:2024-11-21T03:43:20.840

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-21428date:2019-07-08T00:00:00
db:VULHUBid:VHN-121285date:2019-07-03T00:00:00
db:VULMONid:CVE-2018-11427date:2019-07-03T00:00:00
db:JVNDBid:JVNDB-2018-015814date:2019-07-10T00:00:00
db:CNNVDid:CNNVD-201907-148date:2019-07-03T00:00:00
db:NVDid:CVE-2018-11427date:2019-07-03T15:15:10.633