CVE-2018-5455
05.03.2018, 17:29
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| moxa | oncell_g3110-hspa_firmware | 𝑥 ≤ 1.4 |
| moxa | oncell_g3110-hspa-t_firmware | 𝑥 ≤ 1.4 |
| moxa | oncell_g3150-hspa_firmware | 𝑥 ≤ 1.4 |
| moxa | oncell_g3150-hspa-t_firmware | 𝑥 ≤ 1.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-565 - Reliance on Cookies without Validation and Integrity CheckingThe application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.