CVE-2017-7917
Published May 29, 2017
Last updated 5 years ago
Overview
- Description
- A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:oncell_g3110-hspa_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5CFA5909-E3E7-4BDC-9235-B384FD23D17D",
"versionEndIncluding": "1.3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:oncell_g3110-hspa:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "43B1828B-E962-4D9B-A6F0-2CAD46ED9A4F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:oncell_g3110-hsdpa_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D20F3CE-5D91-4721-BE5E-92DFE609C27D",
"versionEndIncluding": "1.2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:oncell_g3110-hsdpa:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CC8C9C07-2B12-4222-A41D-2606CF556316"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:oncell_g3150-hsdpa_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C218E098-97B2-4551-9176-71310BD78048",
"versionEndIncluding": "1.4"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:oncell_g3150-hsdpa:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0051BC60-664B-4AF3-862B-D4E61488DF99"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:oncell_5104-hsdpa_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6647DC3F-1F80-45FF-86E6-08946C12C261",
"versionEndIncluding": "-"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:oncell_5104-hsdpa:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2FE37944-87F9-46EF-B819-C911A04F9E16"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:oncell_5104-hspa_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FED2A2C5-82CD-46FC-A806-39273772640A",
"versionEndIncluding": "-"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:oncell_5104-hspa:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AEADDBA3-E09D-4681-AD66-9026D66EE00D"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:oncell_5004-hspa_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A479DB2-58FC-469D-AC96-71324B7E666C",
"versionEndIncluding": "-"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:oncell_5004-hspa:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F83D3184-78F8-42FB-9BF8-A4DFDB34F281"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]