#VU10813 Brute-force attack in OnCell G3100-HSPA Series - CVE-2018-5455
Published: March 2, 2018
Vulnerability identifier: #VU10813
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5455
CWE-ID: CWE-565
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
OnCell G3100-HSPA Series
OnCell G3100-HSPA Series
Software vendor:
Moxa
Moxa
Description
The vulnerability allows remote attacker to perform brute-force attack on the target system.
The vulnerability exists due to the application allows a cookie parameter to consist of only digits. A remote attacker can perform a brute force attack, bypass authentication and gain access to device functions.
Successful exploitation of this vulnerability may result in unauthorized access to the system.
The vulnerability exists due to the application allows a cookie parameter to consist of only digits. A remote attacker can perform a brute force attack, bypass authentication and gain access to device functions.
Successful exploitation of this vulnerability may result in unauthorized access to the system.
Remediation
Install update from vendor's website.