CVE-2024-4640

EPSS 0.73%
Veröffentlicht 25.06.2024 10:15:20
Zuletzt bearbeitet 10.03.2025 20:06:21
Quelle psirt@moxa.com
CVE-Watchlists
Login
Unerledigt
Login

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moxa ≫ Oncell G3470a-lte-us-t Firmware Version <= 1.7.7

Moxa ≫ Oncell G3470a-lte-us-t Version-

Moxa ≫ Oncell G3470a-lte-eu Firmware Version <= 1.7.7

Moxa ≫ Oncell G3470a-lte-eu Version-

Moxa ≫ Oncell G3470a-lte-eu-t Firmware Version <= 1.7.7

Moxa ≫ Oncell G3470a-lte-eu-t Version-

Moxa ≫ Oncell G3470a-lte-us Firmware Version <= 1.7.7

Moxa ≫ Oncell G3470a-lte-us Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.73%	0.718

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
psirt@moxa.com	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-4640

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-4640

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-4640

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-4640