Lucene search

MoxaVULNRICHMENT:CVE-2024-4641

HistoryJun 25, 2024 - 9:23 a.m.

CVE-2024-4641 OnCell G3470A-LTE Series: Authenticated Format String Errors

2024-06-2509:23:30

CWE-134

Moxa

github.com

cve-2024-4641

authenticated format string errors

memory leak

denial of service

oncell g3470a-lte series

firmware vulnerability

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.

CNA Affected

[
  {
    "vendor": "Moxa",
    "product": "OnCell G3150A-LTE Series",
    "versions": [
      {
        "status": "affected",
        "version": "1.0",
        "versionType": "custom",
        "lessThanOrEqual": "1.7.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities