Vulnerabilities > Moxa > Oncell G3470A LTE EU T Firmware > 1.7

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-25	CVE-2024-4639	Command Injection vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. network low complexity moxa CWE-77	8.8
2024-06-25	CVE-2024-4640	Classic Buffer Overflow vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. network low complexity moxa CWE-120	8.2
2024-06-25	CVE-2024-4641	Use of Externally-Controlled Format String vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. network low complexity moxa CWE-134 critical	9.8
2024-06-25	CVE-2024-4638	Command Injection vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. network low complexity moxa CWE-77	8.8
2021-09-07	CVE-2021-39278	Cross-site Scripting vulnerability in Moxa products Certain MOXA devices allow reflected XSS via the Config Import menu. network low complexity moxa CWE-79	6.1
2021-09-07	CVE-2021-39279	OS Command Injection vulnerability in Moxa products Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. network low complexity moxa CWE-78	8.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.