SB2018030204 - Multiple vulnerabilities in Moxa OnCell G3100-HSPA Series
Published: March 2, 2018
Security Bulletin ID
SB2018030204
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Brute-force attack (CVE-ID: CVE-2018-5455)
The vulnerability allows remote attacker to perform brute-force attack on the target system.The vulnerability exists due to the application allows a cookie parameter to consist of only digits. A remote attacker can perform a brute force attack, bypass authentication and gain access to device functions.
Successful exploitation of this vulnerability may result in unauthorized access to the system.
2) Denial of service (CVE-ID: CVE-2018-5453)
The vulnerability allows remote attacker to cause DoS condition on the target system.The vulnerability exists due to improper handling of length parameter inconsistency. A remote attacker can edit the element of an HTTP request and cause the device to become unavailable.
3) Null pointer dereference (CVE-ID: CVE-2018-5449)
The vulnerability allows remote attacker to cause DoS condition on the target system.The vulnerability exists due to the application does not check for a NULL value. A remote attacker can trigger NULL pointer dereference and cause the device to become unavailable.
Remediation
Install update from vendor's website.