Lucene search

MoxaVULNRICHMENT:CVE-2024-4639

HistoryJun 25, 2024 - 9:15 a.m.

CVE-2024-4639 OnCell G3470A-LTE Series: Authenticated Command Injection via webDelIPSec

2024-06-2509:15:03

CWE-77

Moxa

github.com

oncell g3470a-lte

command injection

ipsec configuration

firmware vulnerability

authenticated

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

19.6%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.

CNA Affected

[
  {
    "vendor": "Moxa",
    "product": "OnCell G3150A-LTE Series",
    "versions": [
      {
        "status": "affected",
        "version": "1.0",
        "versionType": "custom",
        "lessThanOrEqual": "1.7.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

19.6%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-4639