CVE-2024-4641

CWE-134Uncontrolled Format String4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.5%
top 34.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Moxa Oncell G3150a-lte SeriesMoxa Oncell G3470a-lte-eu-t FirmwareMoxa Oncell G3470a-lte-eu Firmware+2 more
Timeline
PublishedJun 25

Description

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages5 packages

CVEListV5moxa/oncell_g3150a-lte_series1.01.7.7

🔴Vulnerability Details

2
GHSA
GHSA-9jqr-jfvv-cj9j: OnCell G3470A-LTE Series firmware versions v12024-06-25
CVEList
OnCell G3470A-LTE Series: Authenticated Format String Errors2024-06-25

📋Vendor Advisories

1
Oracle
Oracle Oracle Communications Risk Matrix: Install/Upgrade (shadow-utils) — CVE-2023-46412024-04-15