Lucene search

[email protected]CVE-2024-4641

HistoryJun 25, 2024 - 10:15 a.m.

CVE-2024-4641

2024-06-2510:15:21

CWE-134

[email protected]

web.nvd.nist.gov

oncell g3470a-lte

firmware

format string

vulnerability

memory leak

denial of service

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OnCell G3150A-LTE Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "1.7.7",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-4641

cvelist1 nvd1 vulnrichment1