Multiple product vulnerabilities were identified in Moxa’s OnCell G3100-HSPA Series Cellular Gateway/Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.
The identified vulnerability types and potential impacts are shown below:
Item |
Vulnerability Type |
Impact |
1 |
Reliance on cookies without validation and integrity checking
|
The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. |
2 |
Improper handling of length parameter inconsistency
|
An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable. |
3 |
Null pointer dereference
|
The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack. |