Vulnerabilities > CVE-2017-7915 - Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

moxa

CWE-307

NVD

Published: 2017-05-29

Updated: 2019-10-09

Summary

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication.

Vulnerable Configurations

Part	Description	Count
OS	Moxa Moxa Oncell G3110 Hspa Firmware * Moxa Oncell G3110 Hsdpa Firmware * Moxa Oncell G3150 Hsdpa Firmware * Moxa Oncell 5104 Hsdpa Firmware * Moxa Oncell 5104 Hspa Firmware * Moxa Oncell 5004 Hspa Firmware *	6
Hardware	Moxa Moxa Oncell G3110 Hspa - Moxa Oncell G3110 Hsdpa - Moxa Oncell G3150 Hsdpa - Moxa Oncell 5104 Hsdpa - Moxa Oncell 5104 Hspa - Moxa Oncell 5004 Hspa -	6

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01