#VU6679 Cross-site request forgery in OnCell - CVE-2017-7917
Published: May 24, 2017 / Updated: May 24, 2017
Vulnerability identifier: #VU6679
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-7917
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
OnCell
Software vendor:
Moxa
Description
The vulnerability allows a remote user to perform a CSRF attack.
The weakness exists due to insufficient checking of the sent requests. A remote attacker can trick the victim into loading specially crafted HTML, gain access to the affected system and modify the configuration on the target device.
Remediation
Install the update from the vendor's website.