Vulnerability-Lookup

VAR-202406-1003

Vulnerability from variot - Updated: 2025-03-12 23:01

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands. ONCELLG3470A-LTE-EU-T firmware, ONCELLG3470A-LTE-EU firmware, OnCellG3470A-LTE-US firmware etc. Moxa Inc. The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA OnCell G3470A-LTE is a series of cellular gateways/routers from China's MOXA company.

MOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions have a command injection vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202406-1003",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "oncell g3470a-lte-us-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.7.7"
      },
      {
        "model": "oncell g3470a-lte-eu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.7.7"
      },
      {
        "model": "oncell g3470a-lte-us",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.7.7"
      },
      {
        "model": "oncell g3470a-lte-eu-t",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.7.7"
      },
      {
        "model": "oncellg3470a-lte-us",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "oncellg3470a-lte-eu",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "oncellg3470a-lte-eu-t",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "oncellg3470a-lte-us-t",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "oncell g3470a-lte",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=v1.7.7"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-4638"
      }
    ]
  },
  "cve": "CVE-2024-4638",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2024-41848",
            "impactScore": 7.8,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@moxa.com",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2024-4638",
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2024-4638",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2024-4638",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "psirt@moxa.com",
            "id": "CVE-2024-4638",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-4638",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-4638",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2024-41848",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-4638"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-4638"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands. ONCELLG3470A-LTE-EU-T firmware, ONCELLG3470A-LTE-EU firmware, OnCellG3470A-LTE-US firmware etc. Moxa Inc. The product contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA OnCell G3470A-LTE is a series of cellular gateways/routers from China\u0027s MOXA company. \n\nMOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions have a command injection vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-4638"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-4638",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008843",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-4638"
      }
    ]
  },
  "id": "VAR-202406-1003",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      }
    ]
  },
  "last_update_date": "2025-03-12T23:01:11.606000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for MOXA OnCell G3470A-LTE Command Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/601616"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-4638"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-4638"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-4638"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-4638"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-10-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      },
      {
        "date": "2024-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      },
      {
        "date": "2024-06-25T09:15:57.413000",
        "db": "NVD",
        "id": "CVE-2024-4638"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-10-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2024-41848"
      },
      {
        "date": "2024-09-25T01:50:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      },
      {
        "date": "2025-03-10T20:07:01.110000",
        "db": "NVD",
        "id": "CVE-2024-4638"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Moxa\u00a0Inc.\u00a0 Command injection vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-008843"
      }
    ],
    "trust": 0.8
  }
}

CVE-2024-4638 (GCVE-0-2024-4638)

Vulnerability from cvelistv5 – Published: 2024-06-25 08:49 – Updated: 2024-08-01 20:47

Title

OnCell G3470A-LTE Series: Authenticated Command Injection via webUploadKey

Summary

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command

Assigner

Moxa

References

URL

Tags

https://www.moxa.com/en/support/product-support/s…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Moxa	OnCell G3470A-LTE Series	Affected: 1.0 , ≤ 1.7.7 (custom)

Credits

Nikita Abramov from Positive Technologies

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:moxa:oncell_g3470a-lte-us:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "oncell_g3470a-lte-us",
            "vendor": "moxa",
            "versions": [
              {
                "lessThanOrEqual": "1.7.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4638",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T14:17:58.104843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T17:35:59.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:47:41.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OnCell G3470A-LTE Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "1.7.7",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nikita Abramov from Positive Technologies"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands."
            }
          ],
          "value": "OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248: Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T08:49:24.910Z",
        "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "shortName": "Moxa"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eOnCell G3470A-LTE Series: Please contact Moxa Technical Support for the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/tw/support/technical-support\"\u003esecurity patch (v1.7.8).\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\n  *  OnCell G3470A-LTE Series: Please contact Moxa Technical Support for the  security patch (v1.7.8). https://www.moxa.com/tw/support/technical-support"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "OnCell G3470A-LTE Series: Authenticated Command Injection via webUploadKey",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet. \u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \u003c/li\u003e\u003cli\u003eThe starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware.\u202f\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "*  Minimize network exposure to ensure the device is not accessible from the Internet. \n  *  When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). \n  *  The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you completed configuration to prevent further damages from these vulnerabilities until installed patch or updated firmware."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
    "assignerShortName": "Moxa",
    "cveId": "CVE-2024-4638",
    "datePublished": "2024-06-25T08:49:24.910Z",
    "dateReserved": "2024-05-08T00:44:40.423Z",
    "dateUpdated": "2024-08-01T20:47:41.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202406-1003

CVE-2024-4638 (GCVE-0-2024-4638)

Tags

Sightings

Nomenclature