OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
References
Configurations
Configuration 1 (hide)
AND |
|
History
18 Sep 2024, 15:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Moxa oncell G3470a-lte-eu Firmware
Moxa oncell G3470a-lte-eu-t Moxa oncell G3470a-lte-eu-t Firmware Moxa oncell G3470a-lte-us-t Firmware Moxa oncell G3470a-lte-us Firmware Moxa oncell G3470a-lte-us Moxa oncell G3470a-lte-eu Moxa Moxa oncell G3470a-lte-us-t |
|
References | () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities - Vendor Advisory | |
CPE | cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:* cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:* cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:* |
25 Jun 2024, 12:24
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Jun 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-25 10:15
Updated : 2024-10-10 10:39
NVD link : CVE-2024-4639
Mitre link : CVE-2024-4639
CVE.ORG link : CVE-2024-4639
JSON object : View
Products Affected
moxa
- oncell_g3470a-lte-us_firmware
- oncell_g3470a-lte-eu
- oncell_g3470a-lte-us-t
- oncell_g3470a-lte-eu-t
- oncell_g3470a-lte-eu_firmware
- oncell_g3470a-lte-us-t_firmware
- oncell_g3470a-lte-eu-t_firmware
- oncell_g3470a-lte-us
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')