Lucene search

[email protected]NVD:CVE-2024-4640

HistoryJun 25, 2024 - 10:15 a.m.

CVE-2024-4640

2024-06-2510:15:20

CWE-120

[email protected]

web.nvd.nist.gov

oncell g3470a-lte

firmware

buffer operations

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

17.8%

JSON

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.

Affected configurations

Nvd

Node

moxaoncell_g3470a-lte-eu-t_firmwareRange≤1.7.7

moxaoncell_g3470a-lte-eu_firmwareRange≤1.7.7

moxaoncell_g3470a-lte-us-t_firmwareRange≤1.7.7

moxaoncell_g3470a-lte-us_firmwareRange≤1.7.7

AND

moxaoncell_g3470a-lte-euMatch-

moxaoncell_g3470a-lte-eu-tMatch-

moxaoncell_g3470a-lte-usMatch-

moxaoncell_g3470a-lte-us-tMatch-

VendorProductVersionCPE
moxaoncell_g3470a-lte-eu-t_firmware*cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:*
moxaoncell_g3470a-lte-eu_firmware*cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:*
moxaoncell_g3470a-lte-us-t_firmware*cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:*
moxaoncell_g3470a-lte-us_firmware*cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:*
moxaoncell_g3470a-lte-eu-cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:*
moxaoncell_g3470a-lte-eu-t-cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:*
moxaoncell_g3470a-lte-us-cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*
moxaoncell_g3470a-lte-us-t-cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moxa	oncell_g3470a-lte-eu-t_firmware	*	cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware::::::::
moxa	oncell_g3470a-lte-eu_firmware	*	cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware::::::::
moxa	oncell_g3470a-lte-us-t_firmware	*	cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware::::::::
moxa	oncell_g3470a-lte-us_firmware	*	cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware::::::::
moxa	oncell_g3470a-lte-eu	-	cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:::::::*
moxa	oncell_g3470a-lte-eu-t	-	cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:::::::*
moxa	oncell_g3470a-lte-us	-	cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:::::::*
moxa	oncell_g3470a-lte-us-t	-	cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:::::::*

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS

0.001

Percentile

17.8%

JSON

Related for NVD:CVE-2024-4640

cve1 cvelist1 vulnrichment1