HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-4638

CVSS 7.1v3.1pub. 2024-06-25upd. 2025-03-10

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
  • Moxa Oncell G3470a Lte Eu

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3470a Lte Eu Firmware

    OS
    Moxa
    ≤ 1.7.7
  • Moxa Oncell G3470a Lte Eu T

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3470a Lte Eu T Firmware

    OS
    Moxa
    ≤ 1.7.7
  • Moxa Oncell G3470a Lte Us

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3470a Lte Us Firmware

    OS
    Moxa
    ≤ 1.7.7
  • Moxa Oncell G3470a Lte Us T

    HW
    Moxa
    wszystkie wersje
  • Moxa Oncell G3470a Lte Us T Firmware

    OS
    Moxa
    ≤ 1.7.7
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2018-11425CRITICAL9.8ten sam produkt

Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, ...

CVE-2024-4639HIGH7.1ten sam produkt

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack o...

CVE-2024-4640HIGH7.1ten sam produkt

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing ...

CVE-2021-39279HIGH8.8ten sam produkt

Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1....

CVE-2018-11424HIGH7.5ten sam produkt

There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 an...