A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device.
                
            References
                    | Link | Resource | 
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01 | Third Party Advisory US Government Resource | 
| https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01 | Third Party Advisory US Government Resource | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
Configuration 2 (hide)
| AND | 
 
 | 
Configuration 3 (hide)
| AND | 
 
 | 
Configuration 4 (hide)
| AND | 
 
 | 
Configuration 5 (hide)
| AND | 
 
 | 
Configuration 6 (hide)
| AND | 
 
 | 
History
                    21 Nov 2024, 03:32
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01 - Third Party Advisory, US Government Resource | 
Information
                Published : 2017-05-29 16:29
Updated : 2025-04-20 01:37
NVD link : CVE-2017-7917
Mitre link : CVE-2017-7917
CVE.ORG link : CVE-2017-7917
JSON object : View
Products Affected
                moxa
- oncell_g3110-hspa
- oncell_5104-hspa_firmware
- oncell_g3150-hsdpa_firmware
- oncell_5104-hsdpa_firmware
- oncell_g3110-hspa_firmware
- oncell_5104-hspa
- oncell_5004-hspa
- oncell_g3150-hsdpa
- oncell_g3110-hsdpa
- oncell_5004-hspa_firmware
- oncell_5104-hsdpa
- oncell_g3110-hsdpa_firmware
CWE
                
                    
                        
                        CWE-352
                        
            Cross-Site Request Forgery (CSRF)
