CVE-2018-5455

CRITICAL

Moxa OnCell G3100-HSPA <1.4 - Auth Bypass

Title source: llm

Description

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.

References (1)

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02

Scores

CVSS v3 9.8

EPSS 0.0045

EPSS Percentile 63.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287 CWE-565

Status published

Products (4)

moxa/oncell_g3110-hspa-t_firmware < 1.4

moxa/oncell_g3110-hspa_firmware < 1.4

moxa/oncell_g3150-hspa-t_firmware < 1.4

moxa/oncell_g3150-hspa_firmware < 1.4

Published Mar 05, 2018

Tracked Since Feb 18, 2026