CVE-2024-4640: OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail
First published: Tue Jun 25 2024(Updated: )
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.
Credit: psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Moxa Oncell G3470A-LTE-US-T | <=1.7.7 | |
| Moxa OnCell G3470A-LTE-US-T | ||
| All of | ||
| Moxa Oncell G3470A-LTE Firmware | <=1.7.7 | |
| Moxa Oncell G3470A-LTE-EU | ||
| All of | ||
| Moxa Oncell G3470A-LTE-EU-T Firmware | <=1.7.7 | |
| Moxa Oncell G3470A-LTE-EU-T Firmware | ||
| All of | ||
| Moxa Oncell G3470A-LTE-US-T | <=1.7.7 | |
| Moxa Oncell G3470A-LTE-US Firmware |
Remedy
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. * OnCell G3470A-LTE Series: Please contact Moxa Technical Support for the security patch (v1.7.8). https://www.moxa.com/tw/support/technical-support
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-4640?
CVE-2024-4640 has been classified as a medium severity vulnerability due to the potential for application crashes.
How do I fix CVE-2024-4640?
To fix CVE-2024-4640, upgrade the firmware of the Moxa Oncell G3470A-LTE Series to version 1.7.8 or later.
What products are affected by CVE-2024-4640?
CVE-2024-4640 affects Moxa Oncell G3470A-LTE Series firmware versions 1.7.7 and prior.
What type of vulnerability is CVE-2024-4640?
CVE-2024-4640 is a buffer overflow vulnerability caused by missing bounds checking.
Can CVE-2024-4640 be exploited remotely?
Yes, CVE-2024-4640 can potentially be exploited remotely if an attacker can send crafted requests to the affected devices.
- agent/remedy
- agent/weakness
- agent/references
- agent/type
- agent/title
- agent/description
- agent/first-publish-date
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/event
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/moxa
- canonical/moxa oncell g3470a-lte-us-t
- version/moxa oncell g3470a-lte-us-t/1.7.7
- canonical/moxa oncell g3470a-lte firmware
- version/moxa oncell g3470a-lte firmware/1.7.7
- canonical/moxa oncell g3470a-lte-eu
- canonical/moxa oncell g3470a-lte-eu-t firmware
- version/moxa oncell g3470a-lte-eu-t firmware/1.7.7
- canonical/moxa oncell g3470a-lte-us firmware