ID

VAR-202406-2348


CVE

CVE-2024-4640


TITLE

Classic buffer overflow vulnerability in multiple Moxa Inc. products

Trust: 0.8

sources: JVNDB: JVNDB-2024-008483

DESCRIPTION

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash. Multiple Moxa Inc. products, including ONCELLG3470A-LTE-EU-T firmware, ONCELLG3470A-LTE-EU firmware and OnCellG3470A-LTE-US-T firmware, contain a classic buffer overflow vulnerability. Information may be tampered with and service operation may be interrupted (DoS). MOXA OnCell G3470A-LTE is a series of cellular gateways/routers from China's MOXA company. MOXA OnCell G3470A-LTE v1.7.7 and earlier firmware versions have a buffer overflow vulnerability. The vulnerability is caused by the lack of boundary checks on buffer operations.

Trust: 2.16

sources: NVD: CVE-2024-4640 // JVNDB: JVNDB-2024-008483 // CNVD: CNVD-2024-41850

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-41850

AFFECTED PRODUCTS

vendor: moxa, model: oncell g3470a-lte-eu, scope: lte, version: 1.7.7

Trust: 1.0

vendor: moxa, model: oncell g3470a-lte-us, scope: lte, version: 1.7.7

Trust: 1.0

vendor: moxa, model: oncell g3470a-lte-eu-t, scope: lte, version: 1.7.7

Trust: 1.0

vendor: moxa, model: oncell g3470a-lte-us-t, scope: lte, version: 1.7.7

Trust: 1.0

vendor: moxa, model: oncellg3470a-lte-us, scope: -, version: -

Trust: 0.8

vendor: moxa, model: oncellg3470a-lte-eu, scope: -, version: -

Trust: 0.8

vendor: moxa, model: oncellg3470a-lte-eu-t, scope: -, version: -

Trust: 0.8

vendor: moxa, model: oncellg3470a-lte-us-t, scope: -, version: -

Trust: 0.8

vendor: moxa, model: oncell g3470a-lte, scope: lte, version: <=v1.7.7

Trust: 0.6

sources: CNVD: CNVD-2024-41850 // JVNDB: JVNDB-2024-008483 // NVD: CVE-2024-4640

CVSS

SEVERITY

nvd@nist.gov: CVE-2024-4640
value: HIGH

Trust: 1.0

psirt@moxa.com: CVE-2024-4640
value: HIGH

Trust: 1.0

NVD: CVE-2024-4640
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-41850
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-41850
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2024-4640
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

psirt@moxa.com: CVE-2024-4640
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2024-4640
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-41850 // JVNDB: JVNDB-2024-008483 // NVD: CVE-2024-4640 // NVD: CVE-2024-4640

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

problemtype: Classic buffer overflow (CWE-120) [NVD evaluation]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-008483 // NVD: CVE-2024-4640

PATCH

title: Patch for MOXA OnCell G3470A-LTE Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/601606

Trust: 0.6

sources: CNVD: CNVD-2024-41850

EXTERNAL IDS

db: NVD, id: CVE-2024-4640

Trust: 3.2

db: JVNDB, id: JVNDB-2024-008483

Trust: 0.8

db: CNVD, id: CNVD-2024-41850

Trust: 0.6

sources: CNVD: CNVD-2024-41850 // JVNDB: JVNDB-2024-008483 // NVD: CVE-2024-4640

REFERENCES

url: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2024-4640

Trust: 0.8

sources: CNVD: CNVD-2024-41850 // JVNDB: JVNDB-2024-008483 // NVD: CVE-2024-4640

SOURCES

db: CNVD, id: CNVD-2024-41850
db: JVNDB, id: JVNDB-2024-008483
db: NVD, id: CVE-2024-4640

LAST UPDATE DATE

2024-10-29T23:28:43.507000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-41850, date: 2024-10-28T00:00:00
db: JVNDB, id: JVNDB-2024-008483, date: 2024-09-19T23:40:00
db: NVD, id: CVE-2024-4640, date: 2024-09-18T15:48:43.557

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-41850, date: 2024-10-28T00:00:00
db: JVNDB, id: JVNDB-2024-008483, date: 2024-09-20T00:00:00
db: NVD, id: CVE-2024-4640, date: 2024-06-25T10:15:20.780