CVE-2024-4641 – OnCell G3470A-LTE Series: Authenticated Format String Errors
https://notcve.org/view.php?id=CVE-2024-4641
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service. Las versiones de firmware de la serie OnCell G3470A-LTE v1.7.7 y anteriores se han identificado como vulnerables debido a que aceptan una cadena de formato de una fuente externa como argumento. Un atacante podría modificar una cadena de formato controlada externamente para provocar una pérdida de memoria y una denegación de servicio. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities • CWE-134: Use of Externally-Controlled Format String •
CVE-2024-4640 – OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail
https://notcve.org/view.php?id=CVE-2024-4640
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash. Las versiones de firmware de la serie OnCell G3470A-LTE v1.7.7 y anteriores se han identificado como vulnerables debido a la falta de verificación de los límites en las operaciones del búfer. Un atacante podría escribir más allá de los límites de las regiones del búfer asignadas en la memoria, provocando un bloqueo del programa. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-4639 – OnCell G3470A-LTE Series: Authenticated Command Injection via webDelIPSec
https://notcve.org/view.php?id=CVE-2024-4639
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands. Las versiones de firmware de la serie OnCell G3470A-LTE v1.7.7 y anteriores han sido identificadas como vulnerables debido a la falta de entradas neutralizadas en la configuración IPSec. Un atacante podría modificar los comandos previstos enviados a las funciones de destino, lo que podría provocar que usuarios malintencionados ejecuten comandos no autorizados. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-6094 – OnCell G3150A-LTE Series: Web Server Transmits Cleartext Credentials
https://notcve.org/view.php?id=CVE-2023-6094
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. Se ha identificado una vulnerabilidad en las versiones de firmware de la serie OnCell G3150A-LTE v1.3 y anteriores. • https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-6093 – OnCell G3150A-LTE Series: Clickjacking Vulnerability
https://notcve.org/view.php?id=CVE-2023-6093
A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application. Se ha identificado una vulnerabilidad en las versiones de firmware de la serie OnCell G3150A-LTE v1.3 y anteriores. La vulnerabilidad es el resultado de restringir incorrectamente los objetos del frame, lo que genera confusión en el usuario sobre con qué interfaz está interactuando. • https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •