Skip to content

Latest commit

 

History

History
31 lines (21 loc) · 812 Bytes

KL-MOXA-2018-002.md

File metadata and controls

31 lines (21 loc) · 812 Bytes
Raw

Kaspersky Lab Advisory

(KL-MOXA-2018-002) Denial of service via memory corruption

Affected Hardware/Software

Moxa OnCell G3470A-LTE Firmware version 1.6 Build 18021314 and prior

Severity level

  • Impact: Denial of service
  • Access Vector: Remote
  • CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Overall CVSS Score: 7.5
  • CVE ID: CVE-2018-11424
  • CWE ID: 476

Hardware/Software description

Moxa OnCell G3470A-LTE devices are industrial high speed LTE/Ethernet IP gateways

Vulnerability description

Memory corruption in the web interface Moxa OnCell G3470A-LTE version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425.

Mitigation

Apply firmware patch from vendor.

Credits

Vulnerability was discovered by Semen Rozhkov (Kaspersky Lab).