Kaspersky Lab Advisory
(KL-MOXA-2018-102) Memory corruption
Affected Hardware/Software
Moxa OnCell G3100-HSPA Series Firmware version 1.6 Build 17100315 and prior
Severity level
- Impact: Denial of service
- Access Vector: Remote
- CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Overall CVSS Score: 7.5
- CVE ID: CVE-2018-11423
- CWE ID: 476
Hardware/Software description
Moxa OnCell G3100-HSPA Series devices are industrial five-band HSPA high speed IP gateways with VPN functionality
Vulnerability description
Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, a different vulnerability than CVE-2018-11420.
Mitigation
Apply firmware patch from vendor.
Credits
Vulnerability was discovered by Radu Motspan (Kaspersky Lab).