CVE-2023-6094

OnCell G3150A-LTE Series: Web Server Transmits Cleartext Credentials

CVSS 5.3 MEDIUMEPSS 0.2%CWE-319

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

31 Dec 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Moxa · OnCell G3150A-LTE Series

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement