CVE-2024-4639

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:*

History

18 Sep 2024, 15:46

Type Values Removed Values Added
References () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities - () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities - Vendor Advisory
CPE cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:*
First Time Moxa oncell G3470a-lte-eu-t Firmware
Moxa oncell G3470a-lte-us Firmware
Moxa oncell G3470a-lte-us
Moxa oncell G3470a-lte-eu
Moxa
Moxa oncell G3470a-lte-us-t Firmware
Moxa oncell G3470a-lte-us-t
Moxa oncell G3470a-lte-eu Firmware
Moxa oncell G3470a-lte-eu-t
CVSS v2 : unknown
v3 : 7.1
v2 : unknown
v3 : 8.8

25 Jun 2024, 12:24

Type Values Removed Values Added
Summary
  • (es) Las versiones de firmware de la serie OnCell G3470A-LTE v1.7.7 y anteriores han sido identificadas como vulnerables debido a la falta de entradas neutralizadas en la configuración IPSec. Un atacante podría modificar los comandos previstos enviados a las funciones de destino, lo que podría provocar que usuarios malintencionados ejecuten comandos no autorizados.

25 Jun 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-25 10:15

Updated : 2024-10-10 10:39


NVD link : CVE-2024-4639

Mitre link : CVE-2024-4639

CVE.ORG link : CVE-2024-4639


JSON object : View

Products Affected

moxa

  • oncell_g3470a-lte-eu
  • oncell_g3470a-lte-us_firmware
  • oncell_g3470a-lte-eu-t_firmware
  • oncell_g3470a-lte-us-t
  • oncell_g3470a-lte-us-t_firmware
  • oncell_g3470a-lte-eu-t
  • oncell_g3470a-lte-us
  • oncell_g3470a-lte-eu_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')