As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories


OnCell G3150A/G3470A Series and WDR-3124A Series Cellular Gateways/Router Vulnerabilities

  • Security Advisory ID: MPSA-211211
  • Version: V1.0
  • Release Date: Dec 30, 2021
  • Reference:
    • CVE-2021-37752, CVE-2021-37753, CVE-2021-37755, CVE-2021-37757, CVE-2021-37751, CVE-2021-37754, CVE-2021-37758

Multiple product vulnerabilities were identified in Moxa’s OnCell G3150A/G3470A Series and WDR-3124A Series Cellular Gateways/Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Command Injection for Authentication (CWE-77), CVE-2021-37752 An attacker located remotely can execute arbitrary commands on the device via a web interface.
2 Authentication Bypass and Unencrypted Credentials
(CWE-303, CWE-256), CVE-2021-37753, CVE-2021-37755
An attacker located remotely can bypass authentication mechanisms.
3 Improper Restriction That Causes Buffer Overflow
(CWE-119), CVE-2021-37757
An attacker located remotely can crash the service of the devices.
4 Reveals Sensitive Information to an Unauthorized Actor (CWE-204), CVE-2021-37751 An attacker located remotely can obtain sensitive information.
5 Improper Restriction of Excessive Authentication Attempts
(CWE-307), CVE-2021-37754
An attacker located remotely can use brute force to obtain credentials.
6 Improper Verification of Firmware
(CWE-347), CVE-2021-37758
An attacker can create malicious firmware for the device.



Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
OnCell G3150A Series Firmware Version 1.5 or lower.
OnCell G3470A Series Firmware Version 1.7 or lower.
WDR-3124A Series Firmware Version 1.3 or lower.



Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
OnCell G3150A Series
OnCell G3470A Series
WDR-3124A Series
For item 1: Users can disable the HTTP console and enable HTTPs by device configuration.

For items 2 to 5: Users can disable the Moxa Service console by configuring the device.

For item 6: We recommend users download firmware from or another trusted source. We also provide SHA-512 checksum for firmware integrity check.


We would like to express our appreciation to Jake Baines from Dragos for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers

Revision History:

1.0 First Release Dec 30, 2021

Relevant Products

OnCell G3150A-LTE Series · OnCell G3470A-LTE Series · WDR-3124A Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
You have some items waiting in your bag; click here to finish your quote!