Vulnerability Description
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Oncell G3150-Hspa Firmware | <= 1.4 |
| Moxa | Oncell G3150-Hspa | - |
| Moxa | Oncell G3150-Hspa-T Firmware | <= 1.4 |
| Moxa | Oncell G3150-Hspa-T | - |
Related Weaknesses (CWE)
References
- https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-105.mdThird Party Advisory
- https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-105.mdThird Party Advisory
FAQ
What is CVE-2018-11426?
CVE-2018-11426 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication a...
How severe is CVE-2018-11426?
CVE-2018-11426 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11426?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Oncell G3150-Hspa Firmware, Moxa Oncell G3150-Hspa, Moxa Oncell G3150-Hspa-T Firmware, Moxa Oncell G3150-Hspa-T.