CVE-2018-11426

Name of the Vulnerable Software and Affected Versions Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior

Description The issue is related to a weak Cookie parameter used in the web application, which can be brute-forced by an attacker to bypass authentication. This allows access to the web interface, enabling the use of all its functions except for password change. The vulnerability is associated with deficiencies in the authentication procedure, potentially allowing a remote attacker to gain access to the device with root privileges.

Recommendations For Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, consider temporarily restricting access to the web interface until a patch is available. As a mitigation measure, avoid using the weak Cookie parameter in the web application.