HIGH✓ PATCH🇬🇧 English

CVE-2024-4638

CVSS 7.1v3.1pub. 2024-06-25upd. 2025-03-10

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
  • Moxa Oncell G3470a Lte Eu

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3470a Lte Eu Firmware

    OS
    Moxa
    ≤ 1.7.7
  • Moxa Oncell G3470a Lte Eu T

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3470a Lte Eu T Firmware

    OS
    Moxa
    ≤ 1.7.7
  • Moxa Oncell G3470a Lte Us

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3470a Lte Us Firmware

    OS
    Moxa
    ≤ 1.7.7
  • Moxa Oncell G3470a Lte Us T

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3470a Lte Us T Firmware

    OS
    Moxa
    ≤ 1.7.7
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2018-11425CRITICAL9.8ten sam produkt

Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, ...

CVE-2024-4639HIGH7.1ten sam produkt

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack o...

CVE-2024-4640HIGH7.1ten sam produkt

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing ...

CVE-2021-39279HIGH8.8ten sam produkt

Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1....

CVE-2018-11424HIGH7.5ten sam produkt

There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 an...

CVE-2024-4638 — HIGH 7.1 | CVEbaza.pl