What is the severity of CVE-2024-4641?

CVE-2024-4641 is classified as a high severity vulnerability due to its potential for causing denial of service.

How do I fix CVE-2024-4641?

To fix CVE-2024-4641, update the firmware of the OnCell G3470A-LTE series to version v1.7.8 or later.

What types of attacks can exploit CVE-2024-4641?

CVE-2024-4641 can be exploited through remote format string attacks resulting in memory leaks and denial of service.

Which firmware versions are affected by CVE-2024-4641?

CVE-2024-4641 affects all firmware versions v1.7.7 and prior of the OnCell G3470A-LTE series.

What devices are impacted by CVE-2024-4641?

Devices impacted by CVE-2024-4641 include the Moxa OnCell G3470A-LTE-EU, G3470A-LTE-US, and their corresponding variants.

Vulnerability/
CVE-2024-4641

critical

9.8

CWE

134

EPSS

0.043%

25/6/2024

18/9/2024

CVE-2024-4641: OnCell G3470A-LTE Series: Authenticated Format String Errors

First published: Tue Jun 25 2024(Updated: )

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.

Credit: psirt@moxa.com

Affected Software	Affected Version	How to fix
All of
Any of
Moxa Oncell G3470a-lte-eu-t Firmware	<=1.7.7
Moxa Oncell G3470a-lte-eu Firmware	<=1.7.7
Moxa Oncell G3470a-lte-us-t Firmware	<=1.7.7
Moxa Oncell G3470a-lte-us Firmware	<=1.7.7
Any of
Moxa Oncell G3470a-lte-eu
Moxa Oncell G3470a-lte-eu-t
Moxa Oncell G3470a-lte-us
Moxa Oncell G3470a-lte-us-t

Remedy

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. * OnCell G3470A-LTE Series: Please contact Moxa Technical Support for the security patch (v1.7.8). https://www.moxa.com/tw/support/technical-support

Never miss a vulnerability like this again

Reference Links

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-4641?
CVE-2024-4641 is classified as a high severity vulnerability due to its potential for causing denial of service.
How do I fix CVE-2024-4641?
To fix CVE-2024-4641, update the firmware of the OnCell G3470A-LTE series to version v1.7.8 or later.
What types of attacks can exploit CVE-2024-4641?
CVE-2024-4641 can be exploited through remote format string attacks resulting in memory leaks and denial of service.
Which firmware versions are affected by CVE-2024-4641?
CVE-2024-4641 affects all firmware versions v1.7.7 and prior of the OnCell G3470A-LTE series.
What devices are impacted by CVE-2024-4641?
Devices impacted by CVE-2024-4641 include the Moxa OnCell G3470A-LTE-EU, G3470A-LTE-US, and their corresponding variants.

agent/remedy
agent/references
agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/description
agent/author
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/last-modified-date
agent/event
agent/softwarecombine
agent/tags
agent/source
vendor/moxa
canonical/moxa oncell g3470a-lte-eu-t firmware
version/moxa oncell g3470a-lte-eu-t firmware/1.7.7
canonical/moxa oncell g3470a-lte-eu firmware
version/moxa oncell g3470a-lte-eu firmware/1.7.7
canonical/moxa oncell g3470a-lte-us-t firmware
version/moxa oncell g3470a-lte-us-t firmware/1.7.7
canonical/moxa oncell g3470a-lte-us firmware
version/moxa oncell g3470a-lte-us firmware/1.7.7
canonical/moxa oncell g3470a-lte-eu
canonical/moxa oncell g3470a-lte-eu-t
canonical/moxa oncell g3470a-lte-us
canonical/moxa oncell g3470a-lte-us-t