// For flags

CVE-2017-7917

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device.

Fue detectado un problema de tipo cross-site request forgery en OnCell G3110-HSPA Versión 1.3 build 15082117 y anteriores, OnCell G3110-HSDPA Versión 1.2 Build 09123015 y anteriores, OnCell G3150-HSDPA Versión 1.4 Build 11051315 y anteriores, OnCell 5104-HSDPA, OnCell 5104-HSPA y OnCell 5004-HSPA de Moxa. La aplicación no comprueba suficientemente si una petición fue proporcionada intencionalmente por el usuario que envió la petición, lo que podría permitir a un atacante modificar la configuración del dispositivo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-04-18 CVE Reserved
  • 2017-05-29 CVE Published
  • 2024-02-09 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
URL Tag Source
https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Moxa
Search vendor "Moxa"
 Oncell G3110-hspa Firmware
Search vendor "Moxa" for product "Oncell G3110-hspa Firmware"
 <= 1.3
Search vendor "Moxa" for product "Oncell G3110-hspa Firmware" and version " <= 1.3"
-
Affected
in Moxa
Search vendor "Moxa"
 Oncell G3110-hspa
Search vendor "Moxa" for product "Oncell G3110-hspa"
--
Safe
Moxa
Search vendor "Moxa"
 Oncell G3110-hsdpa Firmware
Search vendor "Moxa" for product "Oncell G3110-hsdpa Firmware"
 <= 1.2
Search vendor "Moxa" for product "Oncell G3110-hsdpa Firmware" and version " <= 1.2"
-
Affected
in Moxa
Search vendor "Moxa"
 Oncell G3110-hsdpa
Search vendor "Moxa" for product "Oncell G3110-hsdpa"
--
Safe
Moxa
Search vendor "Moxa"
 Oncell G3150-hsdpa Firmware
Search vendor "Moxa" for product "Oncell G3150-hsdpa Firmware"
 <= 1.4
Search vendor "Moxa" for product "Oncell G3150-hsdpa Firmware" and version " <= 1.4"
-
Affected
in Moxa
Search vendor "Moxa"
 Oncell G3150-hsdpa
Search vendor "Moxa" for product "Oncell G3150-hsdpa"
--
Safe
Moxa
Search vendor "Moxa"
 Oncell 5104-hsdpa Firmware
Search vendor "Moxa" for product "Oncell 5104-hsdpa Firmware"
*-
Affected
in Moxa
Search vendor "Moxa"
 Oncell 5104-hsdpa
Search vendor "Moxa" for product "Oncell 5104-hsdpa"
--
Safe
Moxa
Search vendor "Moxa"
 Oncell 5104-hspa Firmware
Search vendor "Moxa" for product "Oncell 5104-hspa Firmware"
*-
Affected
in Moxa
Search vendor "Moxa"
 Oncell 5104-hspa
Search vendor "Moxa" for product "Oncell 5104-hspa"
--
Safe
Moxa
Search vendor "Moxa"
 Oncell 5004-hspa Firmware
Search vendor "Moxa" for product "Oncell 5004-hspa Firmware"
*-
Affected
in Moxa
Search vendor "Moxa"
 Oncell 5004-hspa
Search vendor "Moxa" for product "Oncell 5004-hspa"
--
Safe