CVE-2024-4640

Published Jun 25, 2024

Last updated 2 months ago

CVSS high 8.2

Overview

Description: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.
Source: psirt@moxa.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 4.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-120
psirt@moxa.com: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:moxa:oncell_g3470a-lte-eu-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E18DFB2B-98A9-49B4-9338-404DDD5D03DE",
            "versionEndIncluding": "1.7.7"
          },
          {
            "criteria": "cpe:2.3:o:moxa:oncell_g3470a-lte-eu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D66E977-C246-4AE1-B98A-C5E53B05AEE4",
            "versionEndIncluding": "1.7.7"
          },
          {
            "criteria": "cpe:2.3:o:moxa:oncell_g3470a-lte-us-t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9F52AF7-B4F6-4A74-AB10-EE7BED739E1B",
            "versionEndIncluding": "1.7.7"
          },
          {
            "criteria": "cpe:2.3:o:moxa:oncell_g3470a-lte-us_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2530C6D4-CA66-4932-A943-FA8318819868",
            "versionEndIncluding": "1.7.7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:moxa:oncell_g3470a-lte-eu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "620CD649-90E9-422A-9FF7-51C2FFF2DFDD"
          },
          {
            "criteria": "cpe:2.3:h:moxa:oncell_g3470a-lte-eu-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E97DFAB-1D6E-4110-89C1-DD5616A6320B"
          },
          {
            "criteria": "cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A14AC6DF-528B-479F-945C-B8268B22AD75"
          },
          {
            "criteria": "cpe:2.3:h:moxa:oncell_g3470a-lte-us-t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A599BB3F-33B0-434F-8F74-D4E77DA73EBB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References