CVE-2017-7913
First published: Mon May 29 2017(Updated: )
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Oncell G3110-HSPA-T Firmware | <=1.3 | |
| Moxa OnCell G3110-HSPA | ||
| Moxa Oncell G3110-hsdpa Firmware | <=1.2 | |
| Moxa Oncell G3110-hsdpa Firmware | ||
| Moxa Oncell G3150-hsdpa Firmware | <=1.4 | |
| Moxa Oncell G3150-hsdpa Firmware | ||
| Moxa Oncell 5104-HSPA Firmware | <=- | |
| Moxa Oncell 5104-HSPA Firmware | ||
| Moxa Oncell 5104-HSPA Firmware | <=- | |
| Moxa Oncell 5104-HSPA | ||
| Moxa Oncell 5004-HSPA | <=- | |
| Moxa Oncell 5004-HSPA |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7913?
CVE-2017-7913 is classified as a medium severity vulnerability due to the risk associated with plaintext storage of passwords.
How do I fix CVE-2017-7913?
To mitigate CVE-2017-7913, upgrade the affected Moxa OnCell devices to firmware versions that do not store passwords in plaintext.
Which Moxa OnCell devices are affected by CVE-2017-7913?
CVE-2017-7913 affects Moxa OnCell G3110-HSPA, G3110-HSDPA, G3150-HSDPA, and 5104-HSDPA devices running specified older firmware versions.
What is the consequence of CVE-2017-7913 vulnerability?
The consequence of CVE-2017-7913 is that attackers can easily access user credentials stored in plaintext, potentially leading to unauthorized access.
Is there a patch available for CVE-2017-7913?
Yes, patches are available in newer firmware releases for the affected Moxa OnCell devices to resolve CVE-2017-7913.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/moxa
- canonical/moxa oncell g3110-hspa-t firmware
- version/moxa oncell g3110-hspa-t firmware/1.3
- canonical/moxa oncell g3110-hspa
- canonical/moxa oncell g3110-hsdpa firmware
- version/moxa oncell g3110-hsdpa firmware/1.2
- canonical/moxa oncell g3150-hsdpa firmware
- version/moxa oncell g3150-hsdpa firmware/1.4
- canonical/moxa oncell 5104-hspa firmware
- version/moxa oncell 5104-hspa firmware/-
- canonical/moxa oncell 5104-hspa
- canonical/moxa oncell 5004-hspa
- version/moxa oncell 5004-hspa/-