Product support

Security Advisories

SUMMARY

OnCell G3100-HSPA Series Cellular Gateway/Router Vulnerabilities

  • Version: 1.0
  • Release Date: Mar 13, 2018
  • Reference:
    • CVE-2018-5455, CVE-2018-5453, CVE-2018-5449

Multiple product vulnerabilities were identified in Moxa’s OnCell G3100-HSPA Series Cellular Gateway/Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1

Reliance on cookies without validation and integrity checking

The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.
2

Improper handling of length parameter inconsistency

An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.
3

Null pointer dereference

The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products

The affected products and firmware versions are shown below.

Product Series Affected Version
OnCell G3100-HSPA Series Firmware Version 1.4 or prior

 

Solutions

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
OnCell G3100-HSPA Series Please download the new firmware/software here.

 

Revision History

Version Description Release Date
1.0 First Release Mar 13, 2018

Relevant Products

OnCell G3100-HSPA Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag