CVE-2024-4639

HIGH

Moxa Oncell G3470a-lte-us-t Firmware < 1.7.7 - Command Injection

Title source: rule

Description

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.

References (1)

[Vendor Advisory] https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities

Scores

CVSS v3 7.1

EPSS 0.0155

EPSS Percentile 81.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Classification

CWE

CWE-77

Status published

Affected Products (4)

moxa/oncell_g3470a-lte-us-t_firmware < 1.7.7

moxa/oncell_g3470a-lte-eu_firmware < 1.7.7

moxa/oncell_g3470a-lte-eu-t_firmware < 1.7.7

moxa/oncell_g3470a-lte-us_firmware < 1.7.7

Timeline

Published Jun 25, 2024

Tracked Since Feb 18, 2026