CVE-2017-7917: CSRF
First published: Mon May 29 2017(Updated: )
A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Oncell G3110-hspa Firmware | <=1.3 | |
| Moxa OnCell G3110-HSPA | ||
| Moxa Oncell G3110-hsdpa Firmware | <=1.2 | |
| Moxa Oncell G3110-hsdpa | ||
| Moxa Oncell G3150-hsdpa Firmware | <=1.4 | |
| Moxa Oncell G3150-hsdpa | ||
| Moxa Oncell 5104-hsdpa Firmware | <=- | |
| Moxa Oncell 5104-hsdpa | ||
| Moxa Oncell 5104-hspa Firmware | <=- | |
| Moxa Oncell 5104-hspa | ||
| Moxa Oncell 5004-hspa Firmware | <=- | |
| Moxa Oncell 5004-hspa |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7917?
CVE-2017-7917 is classified as a medium-severity vulnerability due to its potential impact on security through Cross-Site Request Forgery.
How do I fix CVE-2017-7917?
To mitigate CVE-2017-7917, update the Moxa OnCell device firmware to a version that is not vulnerable, specifically versions higher than 1.3 for G3110-HSPA, higher than 1.2 for G3110-HSDPA, and higher than 1.4 for G3150-HSDPA.
Which Moxa devices are affected by CVE-2017-7917?
CVE-2017-7917 affects the Moxa OnCell G3110-HSPA, G3110-HSDPA, G3150-HSDPA, and OnCell 5104 models running specified vulnerable firmware versions.
What type of vulnerability is CVE-2017-7917?
CVE-2017-7917 is a Cross-Site Request Forgery (CSRF) vulnerability, which could allow an attacker to perform unauthorized actions on behalf of a user.
Are there any workarounds for CVE-2017-7917 if an update cannot be applied?
While it's recommended to apply firmware updates, if not possible, limiting access to the device and employing network security measures can help mitigate the risk from CVE-2017-7917.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/moxa
- canonical/moxa oncell g3110-hspa firmware
- version/moxa oncell g3110-hspa firmware/1.3
- canonical/moxa oncell g3110-hspa
- canonical/moxa oncell g3110-hsdpa firmware
- version/moxa oncell g3110-hsdpa firmware/1.2
- canonical/moxa oncell g3110-hsdpa
- canonical/moxa oncell g3150-hsdpa firmware
- version/moxa oncell g3150-hsdpa firmware/1.4
- canonical/moxa oncell g3150-hsdpa
- canonical/moxa oncell 5104-hsdpa firmware
- version/moxa oncell 5104-hsdpa firmware/-
- canonical/moxa oncell 5104-hsdpa
- canonical/moxa oncell 5104-hspa firmware
- version/moxa oncell 5104-hspa firmware/-
- canonical/moxa oncell 5104-hspa
- canonical/moxa oncell 5004-hspa firmware
- version/moxa oncell 5004-hspa firmware/-
- canonical/moxa oncell 5004-hspa