CVE-2024-4639
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
19.6%
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moxa | oncell_g3470a-lte-eu-t_firmware | * | cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:* |
| moxa | oncell_g3470a-lte-eu_firmware | * | cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:* |
| moxa | oncell_g3470a-lte-us-t_firmware | * | cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:* |
| moxa | oncell_g3470a-lte-us_firmware | * | cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:* |
| moxa | oncell_g3470a-lte-eu | - | cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:* |
| moxa | oncell_g3470a-lte-eu-t | - | cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:* |
| moxa | oncell_g3470a-lte-us | - | cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:* |
| moxa | oncell_g3470a-lte-us-t | - | cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
19.6%