OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
24 Sep 2024, 17:13
Type | Values Removed | Values Added |
---|---|---|
First Time |
Moxa oncell G3470a-lte-eu-t
Moxa oncell G3470a-lte-us-t Moxa oncell G3470a-lte-eu Firmware Moxa oncell G3470a-lte-us Moxa oncell G3470a-lte-us-t Firmware Moxa oncell G3470a-lte-eu-t Firmware Moxa oncell G3470a-lte-us Firmware Moxa oncell G3470a-lte-eu Moxa |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:* cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:* |
|
References | () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities - Vendor Advisory |
25 Jun 2024, 12:24
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Jun 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-25 09:15
Updated : 2024-09-24 17:13
NVD link : CVE-2024-4638
Mitre link : CVE-2024-4638
CVE.ORG link : CVE-2024-4638
JSON object : View
Products Affected
moxa
- oncell_g3470a-lte-eu-t_firmware
- oncell_g3470a-lte-us-t_firmware
- oncell_g3470a-lte-us
- oncell_g3470a-lte-us-t
- oncell_g3470a-lte-eu-t
- oncell_g3470a-lte-eu
- oncell_g3470a-lte-us_firmware
- oncell_g3470a-lte-eu_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')