CVE-2024-4638 HIGH

CVE-2024-4638: OnCell G3470A-LTE Series: Authenticated Command Injection via webUploadKey

Vendor: Moxa
Product: OnCell G3470A-LTE Series
Weakness: CWE-77
Published: June 25, 2024
Last update: August 1, 2024

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior are vulnerable because the web key upload function does not neutralize its input. An attacker could modify the intended commands sent to target functions, allowing a malicious user to execute unauthorized commands.

Key dates

02 Disclosure timeline

June 25, 2024: CVE published
August 1, 2024: Record updated