CVE-2024-4639

HIGH

Moxa OnCell G3470A-LTE Series Firmware < 1.7.7 - OS Command Injection via IPSec Configuration

Title source: llm

Description

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities

Scores

CVSS v3 7.1

EPSS 0.0119

EPSS Percentile 79.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-77

Status published

Products (4)

moxa/oncell_g3470a-lte-eu-t_firmware < 1.7.7

moxa/oncell_g3470a-lte-eu_firmware < 1.7.7

moxa/oncell_g3470a-lte-us-t_firmware < 1.7.7

moxa/oncell_g3470a-lte-us_firmware < 1.7.7

Published Jun 25, 2024

Tracked Since Feb 18, 2026