CVE-2021-39278

Name of the Vulnerable Software and Affected Versions MOXA WAC-2004 version 1.7 MOXA WAC-1001 version 2.1 MOXA WAC-1001-T version 2.1 MOXA OnCell G3470A-LTE-EU version 1.7 MOXA OnCell G3470A-LTE-EU-T version 1.7 MOXA TAP-323-EU-CT-T version 1.3 MOXA TAP-323-US-CT-T version 1.3 MOXA TAP-323-JP-CT-T version 1.3 MOXA WDR-3124A-EU version 2.3 MOXA WDR-3124A-EU-T version 2.3 MOXA WDR-3124A-US version 2.3 MOXA WDR-3124A-US-T version 2.3

Description The issue is related to reflected XSS via the Config Import menu, which can be exploited by a remote attacker to import arbitrary files through the web interface. This is due to the lack of protection measures for the web page structure.

Recommendations For MOXA WAC-2004 version 1.7, update the firmware to a version that fixes the issue. For MOXA WAC-1001 version 2.1, update the firmware to a version that fixes the issue. For MOXA WAC-1001-T version 2.1, update the firmware to a version that fixes the issue. For MOXA OnCell G3470A-LTE-EU version 1.7, update the firmware to a version that fixes the issue. For MOXA OnCell G3470A-LTE-EU-T version 1.7, update the firmware to a version that fixes the issue. For MOXA TAP-323-EU-CT-T version 1.3, update the firmware to a version that fixes the issue. For MOXA TAP-323-US-CT-T version 1.3, update the firmware to a version that fixes the issue. For MOXA TAP-323-JP-CT-T version 1.3, update the firmware to a version that fixes the issue. For MOXA WDR-3124A-EU version 2.3, update the firmware to a version that fixes the issue. For MOXA WDR-3124A-EU-T version 2.3, update the firmware to a version that fixes the issue. For MOXA WDR-3124A-US version 2.3, update the firmware to a version that fixes the issue. For MOXA WDR-3124A-US-T version 2.3, update the firmware to a version that fixes the issue. As a temporary workaround, consider restricting access to the Config Import menu until a patch is available.