CVE-2024-4638

Name of the Vulnerable Software and Affected Versions OnCell G3470A-LTE Series firmware versions v1.7.7 and prior

Description The issue is related to a lack of neutralized inputs in the web key upload function, allowing an attacker to modify intended commands sent to target functions. This could enable malicious users to execute unauthorized commands. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code by sending specially crafted network requests.

Recommendations For OnCell G3470A-LTE Series firmware versions v1.7.7 and prior, consider disabling the web key upload function until a patch is available to prevent exploitation. Restrict access to the vulnerable function to minimize the risk of unauthorized command execution. Avoid using the web key upload function in the affected firmware versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.