CVE-2017-7917

Name of the Vulnerable Software and Affected Versions Moxa OnCell G3110-HSPA versions 1.3 build 15082117 and previous versions Moxa OnCell G3110-HSDPA versions 1.2 Build 09123015 and previous versions Moxa OnCell G3150-HSDPA versions 1.4 Build 11051315 and previous versions Moxa OnCell 5104-HSDPA (affected versions not specified) Moxa OnCell 5104-HSPA (affected versions not specified) Moxa OnCell 5004-HSPA (affected versions not specified)

Description A Cross-Site Request Forgery issue was discovered in the affected Moxa OnCell devices. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request. This could allow an attacker to modify the configuration of the device.

Recommendations For Moxa OnCell G3110-HSPA versions 1.3 build 15082117 and previous versions, update to a version that includes the fix for this issue. For Moxa OnCell G3110-HSDPA versions 1.2 Build 09123015 and previous versions, update to a version that includes the fix for this issue. For Moxa OnCell G3150-HSDPA versions 1.4 Build 11051315 and previous versions, update to a version that includes the fix for this issue. For Moxa OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA, at the moment, there is no information about a newer version that contains a fix for this vulnerability.