#VU6679 Cross-site request forgery in OnCell - CVE-2017-7917

Cybersecurity Help s.r.o.

Published: 2017-05-24

Vulnerability identifier: #VU6679

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-7917

CWE-ID: CWE-352

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
OnCell
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Moxa

Description
The vulnerability allows a remote user to perform CSRF attack.

The weakness exists due to insufficient checking of the sent requests. A remote attacker can trick the victim into loading of specially crafted HTML, get access to the affected system and modify the configuration on the target device.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OnCell: G3110-HSDPA 1.2 build 09123015 - 5104-HSDPA

External links
https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Moxa OnCell