Products
OnCell G3470A-LTE Series
- v1.7.7 and prior
Source
psirt@moxa.com
Tags
CVE-2024-4640 details
Published : June 25, 2024, 10:15 a.m.
Last Modified : June 25, 2024, 12:24 p.m.
Last Modified : June 25, 2024, 12:24 p.m.
Description
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.1 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
Base Score
7.1
Exploitability Score
2.8
Impact Score
4.2
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
References
| URL | Source |
|---|---|
| https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities | psirt@moxa.com |
This website uses the NVD API, but is not approved or certified by it.