CVE-2016-5799 – This vulnerability allows remote attackers to p... (How to Fix)

Q: What is the severity of CVE-2016-5799?

CVE-2016-5799 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to perform brute-force attacks against Moxa OnCell cellular gateway devices due to insufficient authentication attempt restrictions. Successful exploitation grants unauthorized access to device administration interfaces. Affected organizations include industrial control systems, utilities, and remote infrastructure using these specific Moxa devices.

📋 TL;DR

This vulnerability allows remote attackers to perform brute-force attacks against Moxa OnCell cellular gateway devices due to insufficient authentication attempt restrictions. Successful exploitation grants unauthorized access to device administration interfaces. Affected organizations include industrial control systems, utilities, and remote infrastructure using these specific Moxa devices.

💻 Affected Systems

Products:

Moxa OnCell G3100V2
Moxa OnCell G3111
Moxa OnCell G3151
Moxa OnCell G3211
Moxa OnCell G3251

Versions: G3100V2 before 2.8; G3111, G3151, G3211, G3251 before 1.7

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. Devices are cellular gateways used in industrial/SCADA environments.

📦 What is this software?

Oncell G3001 Firmware by Moxa

View all CVEs affecting Oncell G3001 Firmware →

Oncell G3100v2 Firmware by Moxa

View all CVEs affecting Oncell G3100v2 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to reconfigure industrial networks, disrupt operations, or pivot to internal systems.

🟠

Likely Case

Unauthorized administrative access leading to device configuration changes, network disruption, or credential theft.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring detecting brute-force attempts.

🌐 Internet-Facing: HIGH - Devices often deployed in remote locations with internet connectivity for management.

🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Brute-force attacks require no special tools or authentication. Attackers only need network access to the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: G3100V2 2.8 or later; G3111, G3151, G3211, G3251 1.7 or later

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01

Restart Required: Yes

Instructions:

1. Download firmware from Moxa support portal. 2. Backup device configuration. 3. Upload firmware via web interface. 4. Reboot device. 5. Restore configuration if needed.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to device management interfaces using firewall rules.

Account Lockout Implementation

all

Configure external authentication system with account lockout policies.

🧯 If You Can't Patch

Implement network segmentation to isolate devices from untrusted networks
Deploy intrusion detection systems to monitor for brute-force attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or serial console.

Check Version:

Login to web interface and check System Information page.

Verify Fix Applied:

Confirm firmware version is G3100V2 2.8+ or other models 1.7+.

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts from single IP
Successful login after many failures

Network Indicators:

High volume of HTTP/HTTPS requests to login endpoints
Traffic patterns suggesting automated credential testing

SIEM Query:

source_ip=* AND (url_path="/login" OR url_path="/cgi-bin/login.cgi") AND status=401 COUNT > 10 PER hour

📊 Metadata

CVE ID: CVE-2016-5799

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-285

Published: August 24, 2016

Last Updated: April 12, 2025

🔗 References

http://www.securityfocus.com/bid/92606
https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01 Mitigation,Third Party Advisory,US Government Resource
http://www.securityfocus.com/bid/92606
https://ics-cert.us-cert.gov/advisories/ICSA-16-236-01 Mitigation,Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2016-5799, you might also want to check these: