Brute-force attack in OnCell G3100-HSPA Series - CVE-2018-5455
Published: March 2, 2018
Vulnerability identifier: #VU10813
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5455
CWE-ID: CWE-565
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
OnCell G3100-HSPA Series
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a brute-force attack on the target system.
The vulnerability exists because the application allows a cookie parameter to consist of only digits. A remote attacker can perform a brute-force attack, bypass authentication and gain access to device functions.
Successful exploitation of this vulnerability may result in unauthorized access to the system.
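The following added example (not Moxa's code and not part of the original advisory) shows how a reviewer can audit a session cookie value for the weakness described above and what hardened issuance looks like. The advisory does not state the cookie's length, so the 8-digit sample is constructed, and the 64-bit floor and all function names are assumptions made for this example.

```python
import math
import secrets
import string

MIN_BITS = 64  # assumed policy floor for the session identifier search space

# Character classes used to infer the alphabet a token was drawn from.
CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase, "-_")


def search_space_bits(token: str) -> float:
    """Upper bound on guessing cost: length * log2(inferred alphabet size).

    The bound only holds if the value is uniformly random; a counter or
    timestamp is far weaker than this estimate suggests.
    """
    if not token:
        return 0.0
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in token))
    # Characters outside the known classes: count each distinct one.
    size += len({ch for ch in token if not any(ch in c for c in CLASSES)})
    return len(token) * math.log2(size)


def audit_cookie(token: str) -> dict:
    """Report whether a cookie value is digit-only and whether it meets MIN_BITS."""
    bits = search_space_bits(token)
    return {
        "digits_only": token.isascii() and token.isdigit(),
        "bits": round(bits, 1),
        "acceptable": bits >= MIN_BITS,
    }


def new_session_token() -> str:
    """Hardened issuance: 32 bytes from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    # "48213907" is a constructed digit-only value, not taken from a device.
    for sample in ("48213907", new_session_token()):
        print(sample, audit_cookie(sample))
```

A digit-only value of this length has a search space of roughly 27 bits, which is why guessing is practical without rate limiting, while the CSPRNG token carries 256 bits.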
How to mitigate CVE-2018-5455
Install update from vendor's website.