CVE-2024-4639 — Command Injection in Oncell G3150a-lte Series

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGHNVD

CNA7.1

EPSS

1.2%

top 21.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Oncell G3150a-lte Series Moxa Oncell G3470a-lte-eu-t Firmware Moxa Oncell G3470a-lte-eu Firmware +2 more

Timeline

PublishedJun 25

Description

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDmoxa/oncell_g3470a-lte-eu_firmware1.7.7

▶NVDmoxa/oncell_g3470a-lte-us_firmware1.7.7

▶NVDmoxa/oncell_g3470a-lte-eu-t_firmware1.7.7

▶NVDmoxa/oncell_g3470a-lte-us-t_firmware1.7.7

▶CVEListV5moxa/oncell_g3150a-lte_series1.0 — 1.7.7

🔴Vulnerability Details

CVEList

OnCell G3470A-LTE Series: Authenticated Command Injection via webDelIPSec↗2024-06-25

▶

GHSA

GHSA-c8f8-j53j-393c: OnCell G3470A-LTE Series firmware versions v1↗2024-06-25

▶