CVE-2024-4641

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:*

History

18 Sep 2024, 15:52

Type Values Removed Values Added
CPE cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:*
First Time Moxa oncell G3470a-lte-eu-t Firmware
Moxa oncell G3470a-lte-us Firmware
Moxa oncell G3470a-lte-us
Moxa oncell G3470a-lte-eu
Moxa
Moxa oncell G3470a-lte-us-t Firmware
Moxa oncell G3470a-lte-us-t
Moxa oncell G3470a-lte-eu Firmware
Moxa oncell G3470a-lte-eu-t
References () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities - () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities - Vendor Advisory
CVSS v2 : unknown
v3 : 6.3
v2 : unknown
v3 : 9.8

25 Jun 2024, 12:24

Type Values Removed Values Added
Summary
  • (es) Las versiones de firmware de la serie OnCell G3470A-LTE v1.7.7 y anteriores se han identificado como vulnerables debido a que aceptan una cadena de formato de una fuente externa como argumento. Un atacante podría modificar una cadena de formato controlada externamente para provocar una pérdida de memoria y una denegación de servicio.

25 Jun 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-25 10:15

Updated : 2024-09-18 15:52


NVD link : CVE-2024-4641

Mitre link : CVE-2024-4641

CVE.ORG link : CVE-2024-4641


JSON object : View

Products Affected

moxa

  • oncell_g3470a-lte-eu
  • oncell_g3470a-lte-us_firmware
  • oncell_g3470a-lte-eu-t_firmware
  • oncell_g3470a-lte-us-t
  • oncell_g3470a-lte-us-t_firmware
  • oncell_g3470a-lte-eu-t
  • oncell_g3470a-lte-us
  • oncell_g3470a-lte-eu_firmware
CWE
CWE-134

Use of Externally-Controlled Format String