CVE-2024-4638: OnCell G3470A-LTE Series: Authenticated Command Injection via webUploadKey
First published: Tue Jun 25 2024(Updated: )
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
Credit: psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Moxa Oncell G3470a-lte-eu-t Firmware | <=1.7.7 | |
| Moxa Oncell G3470a-lte-eu-t | ||
| All of | ||
| Moxa Oncell G3470a-lte-eu Firmware | <=1.7.7 | |
| Moxa Oncell G3470a-lte-eu | ||
| All of | ||
| Moxa Oncell G3470a-lte-us Firmware | <=1.7.7 | |
| Moxa Oncell G3470a-lte-us | ||
| All of | ||
| Moxa Oncell G3470a-lte-us-t Firmware | <=1.7.7 | |
| Moxa Oncell G3470a-lte-us-t |
Remedy
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. * OnCell G3470A-LTE Series: Please contact Moxa Technical Support for the security patch (v1.7.8). https://www.moxa.com/tw/support/technical-support
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-4638?
CVE-2024-4638 has a critical severity due to its potential for command injection vulnerabilities.
How do I fix CVE-2024-4638?
To remediate CVE-2024-4638, upgrade the firmware of the Moxa Oncell G3470A-LTE Series to a version later than v1.7.7.
What types of devices are affected by CVE-2024-4638?
CVE-2024-4638 impacts Moxa Oncell G3470A-LTE Series devices with firmware versions v1.7.7 and earlier.
What could an attacker do by exploiting CVE-2024-4638?
An attacker exploiting CVE-2024-4638 could execute unauthorized commands on the affected device, compromising its integrity.
Is there any mitigation for CVE-2024-4638 besides upgrading?
Currently, there are no alternative mitigations for CVE-2024-4638; upgrading to the latest firmware is strongly recommended.
- agent/remedy
- agent/weakness
- agent/references
- agent/title
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/moxa
- canonical/moxa oncell g3470a-lte-eu-t firmware
- version/moxa oncell g3470a-lte-eu-t firmware/1.7.7
- canonical/moxa oncell g3470a-lte-eu-t
- canonical/moxa oncell g3470a-lte-eu firmware
- version/moxa oncell g3470a-lte-eu firmware/1.7.7
- canonical/moxa oncell g3470a-lte-eu
- canonical/moxa oncell g3470a-lte-us firmware
- version/moxa oncell g3470a-lte-us firmware/1.7.7
- canonical/moxa oncell g3470a-lte-us
- canonical/moxa oncell g3470a-lte-us-t firmware
- version/moxa oncell g3470a-lte-us-t firmware/1.7.7
- canonical/moxa oncell g3470a-lte-us-t