Vulnerabilities > Moxa > Oncell G3470A LTE EU T Firmware > 1.7

DATE CVE VULNERABILITY TITLE RISK
2024-06-25 CVE-2024-4639 Command Injection vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration.
network
low complexity
moxa CWE-77
8.8
2024-06-25 CVE-2024-4640 Classic Buffer Overflow vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations.
network
low complexity
moxa CWE-120
8.2
2024-06-25 CVE-2024-4641 Use of Externally-Controlled Format String vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument.
network
low complexity
moxa CWE-134
critical
9.8
2024-06-25 CVE-2024-4638 Command Injection vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function.
network
low complexity
moxa CWE-77
8.8
2021-09-07 CVE-2021-39278 Cross-site Scripting vulnerability in Moxa products
Certain MOXA devices allow reflected XSS via the Config Import menu.
network
low complexity
moxa CWE-79
6.1
2021-09-07 CVE-2021-39279 OS Command Injection vulnerability in Moxa products
Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP.
network
low complexity
moxa CWE-78
8.8