CVE-2024-4641 (GCVE-0-2024-4641)
Vulnerability from cvelistv5 – Published: 2024-06-25 09:23 – Updated: 2024-08-01 20:47
VLAI?
Summary
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.
Severity ?
6.3 (Medium)
CWE
- CWE-134 - Use of Externally-Controlled Format String
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | OnCell G3150A-LTE Series |
Affected:
1.0 , ≤ 1.7.7
(custom)
|
Credits
Nikita Abramov from Positive Technologies
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncell_g3470a-lte-us",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T17:38:59.616518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T17:39:20.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OnCell G3150A-LTE Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.7.7",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nikita Abramov from Positive Technologies"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service."
}
],
"value": "OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-135",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-135: Format String Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134: Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T09:23:30.502Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMoxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOnCell G3470A-LTE Series: Please contact Moxa Technical Support for the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/tw/support/technical-support\"\u003esecurity patch (v1.7.8).\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\n\n\n\n * OnCell G3470A-LTE Series: Please contact Moxa Technical Support for the security patch (v1.7.8). https://www.moxa.com/tw/support/technical-support"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OnCell G3470A-LTE Series: Authenticated Format String Errors",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMoxa recommends users to implement the following mitigations if necessary: \u003c/p\u003e\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet. \u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \u003c/li\u003e\u003cli\u003eThe starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa recommends users to implement the following mitigations if necessary: \n\n * Minimize network exposure to ensure the device is not accessible from the Internet. \n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n * The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-4641",
"datePublished": "2024-06-25T09:23:30.502Z",
"dateReserved": "2024-05-08T00:44:45.219Z",
"dateUpdated": "2024-08-01T20:47:41.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.7\", \"matchCriteriaId\": \"E18DFB2B-98A9-49B4-9338-404DDD5D03DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.7\", \"matchCriteriaId\": \"4D66E977-C246-4AE1-B98A-C5E53B05AEE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.7\", \"matchCriteriaId\": \"F9F52AF7-B4F6-4A74-AB10-EE7BED739E1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.7\", \"matchCriteriaId\": \"2530C6D4-CA66-4932-A943-FA8318819868\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"620CD649-90E9-422A-9FF7-51C2FFF2DFDD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E97DFAB-1D6E-4110-89C1-DD5616A6320B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A14AC6DF-528B-479F-945C-B8268B22AD75\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A599BB3F-33B0-434F-8F74-D4E77DA73EBB\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.\"}, {\"lang\": \"es\", \"value\": \"Las versiones de firmware de la serie OnCell G3470A-LTE v1.7.7 y anteriores se han identificado como vulnerables debido a que aceptan una cadena de formato de una fuente externa como argumento. Un atacante podr\\u00eda modificar una cadena de formato controlada externamente para provocar una p\\u00e9rdida de memoria y una denegaci\\u00f3n de servicio.\"}]",
"id": "CVE-2024-4641",
"lastModified": "2024-11-21T09:43:16.250",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@moxa.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-06-25T10:15:21.000",
"references": "[{\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities\", \"source\": \"psirt@moxa.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"psirt@moxa.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-134\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4641\",\"sourceIdentifier\":\"psirt@moxa.com\",\"published\":\"2024-06-25T10:15:21.000\",\"lastModified\":\"2025-03-10T20:05:10.410\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.\"},{\"lang\":\"es\",\"value\":\"Las versiones de firmware de la serie OnCell G3470A-LTE v1.7.7 y anteriores se han identificado como vulnerables debido a que aceptan una cadena de formato de una fuente externa como argumento. Un atacante podr\u00eda modificar una cadena de formato controlada externamente para provocar una p\u00e9rdida de memoria y una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@moxa.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@moxa.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-134\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.7\",\"matchCriteriaId\":\"F9F52AF7-B4F6-4A74-AB10-EE7BED739E1B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A599BB3F-33B0-434F-8F74-D4E77DA73EBB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.7\",\"matchCriteriaId\":\"4D66E977-C246-4AE1-B98A-C5E53B05AEE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"620CD649-90E9-422A-9FF7-51C2FFF2DFDD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.7\",\"matchCriteriaId\":\"E18DFB2B-98A9-49B4-9338-404DDD5D03DE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E97DFAB-1D6E-4110-89C1-DD5616A6320B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.7\",\"matchCriteriaId\":\"2530C6D4-CA66-4932-A943-FA8318819868\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A14AC6DF-528B-479F-945C-B8268B22AD75\"}]}]}],\"references\":[{\"url\":\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities\",\"source\":\"psirt@moxa.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:47:41.226Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4641\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-26T17:38:59.616518Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*\"], \"vendor\": \"moxa\", \"product\": \"oncell_g3470a-lte-us\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.7.7\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-26T17:38:53.345Z\"}}], \"cna\": {\"title\": \"OnCell G3470A-LTE Series: Authenticated Format String Errors\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Nikita Abramov from Positive Technologies\"}], \"impacts\": [{\"capecId\": \"CAPEC-135\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-135: Format String Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Moxa\", \"product\": \"OnCell G3150A-LTE Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.7.7\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\\n\\n\\n\\n * OnCell G3470A-LTE Series: Please contact Moxa Technical Support for the security patch (v1.7.8). https://www.moxa.com/tw/support/technical-support\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eMoxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOnCell G3470A-LTE Series: Please contact Moxa Technical Support for the \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.moxa.com/tw/support/technical-support\\\"\u003esecurity patch (v1.7.8).\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Moxa recommends users to implement the following mitigations if necessary: \\n\\n * Minimize network exposure to ensure the device is not accessible from the Internet. \\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \\n * The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eMoxa recommends users to implement the following mitigations if necessary: \u003c/p\u003e\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet. \u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \u003c/li\u003e\u003cli\u003eThe starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\\u202f\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-134\", \"description\": \"CWE-134: Use of Externally-Controlled Format String\"}]}], \"providerMetadata\": {\"orgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"shortName\": \"Moxa\", \"dateUpdated\": \"2024-06-25T09:23:30.502Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-4641\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T20:47:41.226Z\", \"dateReserved\": \"2024-05-08T00:44:45.219Z\", \"assignerOrgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"datePublished\": \"2024-06-25T09:23:30.502Z\", \"assignerShortName\": \"Moxa\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…