Vulnerabilities > Moxa > Oncell G3150 Hspa T Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-07-03 CVE-2018-11423 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa products
There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.
network
low complexity
moxa CWE-119
7.5
2019-07-03 CVE-2018-11422 Cleartext Transmission of Sensitive Information vulnerability in Moxa products
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls.
network
low complexity
moxa CWE-319
critical
9.8
2019-07-03 CVE-2018-11421 Cleartext Transmission of Sensitive Information vulnerability in Moxa products
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls.
network
low complexity
moxa CWE-319
critical
9.8
2019-07-03 CVE-2018-11420 Out-of-bounds Write vulnerability in Moxa products
There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.
network
low complexity
moxa CWE-787
critical
9.8
2019-07-03 CVE-2018-11427 Cross-Site Request Forgery (CSRF) vulnerability in Moxa products
CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.
network
low complexity
moxa CWE-352
8.8
2019-07-03 CVE-2018-11426 Improper Authentication vulnerability in Moxa products
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior.
network
low complexity
moxa CWE-287
critical
9.8
2018-03-05 CVE-2018-5455 Improper Authentication vulnerability in Moxa products
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior.
network
low complexity
moxa CWE-287
critical
9.8
2018-03-05 CVE-2018-5453 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa products
An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior.
network
low complexity
moxa CWE-119
7.5
2018-03-05 CVE-2018-5449 NULL Pointer Dereference vulnerability in Moxa products
A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior.
low complexity
moxa CWE-476
6.5