OnCell G3470A-LTE Series Firmware Vulnerability
CVE-2024-4638

8.8HIGH

Key Information:

Vendor: Moxa
Status: Oncell G3470a-lte Series
Vendor: CVE Published:; 25 June 2024

Summary

The Moxa OnCell G3470A-LTE Series firmware suffers from a vulnerability stemming from improper input validation in the web key upload function. This flaw allows an attacker to manipulate intended commands sent to target functions, potentially enabling malicious users to execute unauthorized commands within the system. Affected firmware versions include v1.7.7 and earlier. Users are advised to review security recommendations and apply necessary updates to safeguard their devices.

Affected Version(s)

OnCell G3470A-LTE Series 1.0 <= 1.7.7

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
May 8, 2024

Credit

Nikita Abramov from Positive Technologies