Cross-site request forgery in OnCell - CVE-2017-7917
Published: May 24, 2017 / Updated: May 24, 2017
Vulnerability identifier: #VU6679
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-7917
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
OnCell
Detailed vulnerability description
The vulnerability allows a remote user to perform a CSRF attack.
The weakness exists due to insufficient checking of the sent requests. A remote attacker can trick the victim into loading specially crafted HTML, gain access to the affected system and modify the configuration of the target device.
How to mitigate CVE-2017-7917
Install the update from the vendor's website.