CVE-2024-4640 HIGH

CVE-2024-4640: OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail

Vendor: Moxa
Product: OnCell G3150A-LTE Series
Weakness: CWE-120
Published: June 25, 2024
Last update: August 1, 2024

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01 Description

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.

Key dates

02 Disclosure timeline

June 25, 2024: CVE published
August 1, 2024: Record updated