// For flags

CVE-2024-4640

OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail

Severity Score

7.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.

Las versiones de firmware de la serie OnCell G3470A-LTE v1.7.7 y anteriores se han identificado como vulnerables debido a la falta de verificación de los límites en las operaciones del búfer. Un atacante podría escribir más allá de los límites de las regiones del búfer asignadas en la memoria, provocando un bloqueo del programa.

*Credits: Nikita Abramov from Positive Technologies
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-08 CVE Reserved
  • 2024-06-25 CVE Published
  • 2024-08-01 CVE Updated
  • 2024-09-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
  • CAPEC-100: Overflow Buffers
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Moxa
Search vendor "Moxa"
 OnCell G3150A-LTE Series
Search vendor "Moxa" for product "OnCell G3150A-LTE Series"
 >= 1.0.0 <= 1.7.7
Search vendor "Moxa" for product "OnCell G3150A-LTE Series" and version " >= 1.0.0 <= 1.7.7"
en
Affected