CVE-2023-6094 MEDIUM

CVE-2023-6094: OnCell G3150A-LTE Series: Web Server Transmits Cleartext Credentials

Vendor Moxa
Product OnCell G3150A-LTE Series
Weakness CWE-319 · Cleartext transmission
Published December 31, 2023
Last update August 26, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.

Key dates

02Disclosure timeline

December 31, 2023 CVE published
August 26, 2024 Record updated