4.3
CVSSv2

CVE-2021-39278

Published: 07/09/2021 Updated: 09/09/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

moxa wac-2004 firmware 1.7

moxa wac-1001 firmware 2.1

moxa wac-1001-t firmware 2.1

moxa oncell g3470a-lte-eu firmware 1.7

moxa oncell g3470a-lte-eu-t firmware 1.7

moxa tap-323-eu-ct-t firmware 1.3

moxa tap-323-us-ct-t firmware 1.3

moxa tap-323-jp-ct-t firmware 1.3

moxa wdr-3124a-eu firmware 2.3

moxa wdr-3124a-eu-t firmware 2.3

moxa wdr-3124a-us firmware 2.3

moxa wdr-3124a-us-t firmware 2.3

Exploits

Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities ...

Mailing Lists

SEC Consult Vulnerability Lab Security Advisory < 20210901-0 > ======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE nu ...