CVE-2023-6094

{"id": "CVE-2023-6094", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@moxa.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-12-31T10:15:08.787", "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement", "tags": ["Vendor Advisory"], "source": "psirt@moxa.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "psirt@moxa.com", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.\n\n"}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en las versiones de firmware de la serie OnCell G3150A-LTE v1.3 y anteriores. La vulnerabilidad se debe a la falta de protecci\u00f3n de la informaci\u00f3n confidencial durante la transmisi\u00f3n. Un atacante que escuche el tr\u00e1fico entre el navegador web y el servidor puede obtener informaci\u00f3n confidencial. Este tipo de ataque podr\u00eda ejecutarse para recopilar informaci\u00f3n confidencial o para facilitar un ataque posterior contra el objetivo."}], "lastModified": "2024-01-09T14:55:23.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:oncell_g3150a-lte_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F758200-C50E-4456-AAA9-870206050FAE", "versionEndIncluding": "1.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:oncell_g3150a-lte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A4BDE004-9181-4030-AEB3-594B9B478879"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@moxa.com"}