What is the severity of CVE-2021-39278?

CVE-2021-39278 has been rated as a medium severity vulnerability.

How do I fix CVE-2021-39278?

To fix CVE-2021-39278, users should upgrade their devices to the latest patched firmware versions provided by Moxa.

Which devices are affected by CVE-2021-39278?

CVE-2021-39278 affects several models including Moxa WAC-2004 1.7, WAC-1001 2.1, and OnCell G3470A-LTE-EU 1.7.

What type of vulnerability is CVE-2021-39278?

CVE-2021-39278 is a reflected Cross-Site Scripting (XSS) vulnerability.

Can CVE-2021-39278 be exploited remotely?

Yes, CVE-2021-39278 can be exploited remotely through the Config Import menu on the affected devices.

Vulnerability/
CVE-2021-39278

medium

6.1

CWE

7/9/2021

4/8/2024

CVE-2021-39278: XSS

First published: Tue Sep 07 2021(Updated: )

Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Moxa WAC-2004	=1.7
Moxa WAC-2004
Moxa WAC-1001-T Firmware	=2.1
Moxa WAC-1001-T Firmware
Moxa WAC-1001-T Firmware	=2.1
Moxa WAC-1001-T Firmware
Moxa Oncell G3470A-LTE Firmware	=1.7
Moxa Oncell G3470A-LTE-EU
Moxa Oncell G3470A-LTE-EU-T Firmware	=1.7
Moxa Oncell G3470A-LTE-EU-T Firmware
Moxa Tap-323	=1.3
Moxa Tap-323
Moxa Tap-323	=1.3
Moxa Tap-323-us-ct-t Firmware
Moxa Tap-323-jp-ct-t	=1.3
Moxa Tap-323
Moxa WDR-3124A-EU-T Firmware	=2.3
Moxa WDR-3124A-EU Firmware
Moxa WDR-3124A-EU Firmware	=2.3
Moxa WDR-3124A-EU Firmware
Moxa WDR-3124A-US-T	=2.3
Moxa WDR-3124A-US-T Firmware
Moxa WDR-3124A	=2.3
Moxa WDR-3124A

Never miss a vulnerability like this again

Reference Links

http://packetstormsecurity.com/files/164014

Frequently Asked Questions

What is the severity of CVE-2021-39278?
CVE-2021-39278 has been rated as a medium severity vulnerability.
How do I fix CVE-2021-39278?
To fix CVE-2021-39278, users should upgrade their devices to the latest patched firmware versions provided by Moxa.
Which devices are affected by CVE-2021-39278?
CVE-2021-39278 affects several models including Moxa WAC-2004 1.7, WAC-1001 2.1, and OnCell G3470A-LTE-EU 1.7.
What type of vulnerability is CVE-2021-39278?
CVE-2021-39278 is a reflected Cross-Site Scripting (XSS) vulnerability.
Can CVE-2021-39278 be exploited remotely?
Yes, CVE-2021-39278 can be exploited remotely through the Config Import menu on the affected devices.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/moxa
canonical/moxa wac-2004
version/moxa wac-2004/1.7
canonical/moxa wac-1001-t firmware
version/moxa wac-1001-t firmware/2.1
canonical/moxa oncell g3470a-lte firmware
version/moxa oncell g3470a-lte firmware/1.7
canonical/moxa oncell g3470a-lte-eu
canonical/moxa oncell g3470a-lte-eu-t firmware
version/moxa oncell g3470a-lte-eu-t firmware/1.7
canonical/moxa tap-323
version/moxa tap-323/1.3
canonical/moxa tap-323-us-ct-t firmware
canonical/moxa tap-323-jp-ct-t
version/moxa tap-323-jp-ct-t/1.3
canonical/moxa wdr-3124a-eu-t firmware
version/moxa wdr-3124a-eu-t firmware/2.3
canonical/moxa wdr-3124a-eu firmware
version/moxa wdr-3124a-eu firmware/2.3
canonical/moxa wdr-3124a-us-t
version/moxa wdr-3124a-us-t/2.3
canonical/moxa wdr-3124a-us-t firmware
canonical/moxa wdr-3124a
version/moxa wdr-3124a/2.3