Affected Products:
The affected products and firmware versions are shown below.
Product Series |
Affected Versions |
OnCell G3470A-LTE Series |
Firmware version 1.6 or lower |
OnCell G3100-HSPA Series |
Firmware version 1.4 or below for vulnerabilities 1, 2, and 3 (CVE-2018-11420, CVE-2018-11423, and CVE-2018-11424)
Firmware version 1.7 or below for vulnerabilities 4, 5, 6, and 7 (CVE-2018-11426, CVE-2018-11427, CVE-2018-11421 and CVE-2018-11422) |
Solutions:
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
Product Series |
Solutions |
OnCell G3470A-LTE Series |
Please download the new firmware/software here. |
OnCell G3100-HSPA Series |
For vulnerabilities 1, 2, 3, 4 and 5 (CVE-2018-11420, CVE-2018-11423, CVE-2018-11424, CVE-2018-11426 and CVE-2018-11427), please download the new firmware/software here.
For vulnerability items 6 and 7 (CVE-2018-11421 and CVE-2018-11422), it only affected when using “OnCell Search Utility” and “OnCell Central Manager” on Moxa OnCell-G3100-HSPA. Moxa recommends our customers add additional secure communication mechanism such as configuring “OnCell Central Manager” as an IPsec VPN Server on OnCell to build a VPN solutions to mitigate potential risk. |
Acknowledgment:
We would like to express our appreciation to Mr. Alexander Zaytsev from Kaspersky Lab for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
Revision History:
VERSION |
DESCRIPTION |
RELEASE DATE |
1.0 |
First Release |
Feb 13, 2020 |