Title: Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities
Advisory ID: ZSL-2018-5478
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 17.07.2018

Summary Description: Device versions of IPn4Gb, IPn3Gb, IPn4G, Bullet-3G, VIP4G, and Dragon-LTE are affected by a CSRF vulnerability that allows unauthorized actions via HTTP requests.

Vendor: Microhard Systems Inc.

Affected Versions
  IPn4G 1.1.0 build 1098
  IPn3Gb 2.2.0 build 2160
  IPn4Gb 1.1.6 build 1184-14
  IPn4Gb 1.1.0 Rev 2 build 1090-2
  IPn4Gb 1.1.0 Rev 2 build 1086
  Bullet-3G 1.2.0 Rev A build 1032
  VIP4Gb 1.1.6 build 1204
  VIP4G 1.1.6 Rev 3.0 build 1184-14
  VIP4G-WiFi-F 1.1.6 Rev 2.0.0 build 1196
  IPn3Gi / Bullet-3G 1.2.0 build 1076
  IPn4Gi / Bullet-LTE 1.2.0 build 1078
  BulletPlus 1.3.0 build 1036
  Dragon-LTE 1.1.0 build 1036

Timeline
  [13.03.2018] Vulnerability discovered.
  [13.03.2018] Vendor contacted.
  [09.05.2018] No response from the vendor.
  [10.05.2018] Vendor contacted again.
  [24.05.2018] No response from the vendor.
  [25.05.2018] Vendor contacted again.
  [16.07.2018] No response from the vendor.
  [17.07.2018] Public security advisory released.

References
  [1] https://www.exploit-db.com/exploits/45034/
  [2] https://exchange.xforce.ibmcloud.com/vulnerabilities/146624
  [3] https://cxsecurity.com/issue/WLB-2018070168
  [4] https://packetstormsecurity.com/files/148562