PT-2024-4413 · Moxa · Oncell G3470A-Lte Series
Nikita Abramov
·
Published
2024-06-25
·
Updated
2024-10-10
·
CVE-2024-4639
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior
Description
The issue is related to a lack of neutralized inputs in the IPSec configuration, allowing an attacker to modify intended commands sent to target functions. This could enable malicious users to execute unauthorized commands by sending specially crafted network requests.
Recommendations
For OnCell G3470A-LTE Series firmware versions v1.7.7 and prior, consider updating to a version that addresses the lack of neutralized inputs in IPSec configuration to prevent unauthorized command execution.
As a temporary workaround, restrict access to the IPSec configuration to minimize the risk of exploitation.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oncell G3470A-Lte Series