CVE-2017-7913 : Security Advisory and Response

A security vulnerability was found in Moxa OnCell devices, specifically affecting various versions. The issue stems from storing password parameters in plain text in the application's configuration file.

Understanding CVE-2017-7913

What is CVE-2017-7913?

This CVE identifies a vulnerability in Moxa OnCell devices where passwords are stored in plain text in the application's configuration file.

The Impact of CVE-2017-7913

The vulnerability could potentially expose sensitive password information to unauthorized access, leading to security breaches and unauthorized system access.

Technical Details of CVE-2017-7913

Vulnerability Description

The flaw exists in versions 1.3 build 15082117 and earlier for OnCell G3110-HSPA, 1.2 Build 09123015 and earlier for OnCell G3110-HSDPA, 1.4 Build 11051315 and earlier for OnCell G3150-HSDPA, as well as OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA.

Affected Systems and Versions

OnCell G3110-HSPA: Version 1.3 build 15082117 and earlier
OnCell G3110-HSDPA: Version 1.2 Build 09123015 and earlier
OnCell G3150-HSDPA: Version 1.4 Build 11051315 and earlier
OnCell 5104-HSDPA, OnCell 5104-HSPA, OnCell 5004-HSPA

Exploitation Mechanism

Attackers could exploit this vulnerability by accessing the plaintext password information stored in the configuration file, potentially compromising system security.

Mitigation and Prevention

Immediate Steps to Take

Change all passwords stored in the affected Moxa OnCell devices immediately.
Implement strong password policies and encryption methods to secure sensitive information.

Long-Term Security Practices

Regularly update and patch the firmware of Moxa OnCell devices to address security vulnerabilities.
Conduct security audits and assessments to identify and mitigate potential risks.

Patching and Updates

Apply patches and updates provided by Moxa to address the plaintext password storage issue and enhance overall system security.