
CVE-2024-4641

OnCell G3470A-LTE Series: Authenticated Format String Errors

Severity Score

6.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.

*Credits: Nikita Abramov from Positive Technologies
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: Low
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-08 CVE Reserved
  • 2024-06-25 CVE Published
  • 2024-08-01 CVE Updated
  • 2024-09-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-134: Use of Externally-Controlled Format String
CAPEC
  • CAPEC-135: Format String Injection
Affected Vendors, Products, and Versions
  • Vendor: Moxa
  • Product: OnCell G3150A-LTE Series
  • Version: >= 1.0.0 <= 1.7.7
  • Other: en
  • Status: Affected