Kaspersky Lab Advisory

(KL-MOXA-2018-003) Buffer overflow


Affected Hardware/Software

Moxa OnCell G3470A-LTE Firmware version 1.6 Build 18021314 and prior

Severity level

  • Impact: Remote code execution
  • Access Vector: Remote
  • CVSS v3 Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Overall CVSS Score: 8.0
  • CVE ID: CVE-2018-11425
  • CWE ID: 120

Hardware/Software description

Moxa OnCell G3470A-LTE devices are industrial high-speed LTE/Ethernet IP gateways.

Vulnerability description

Memory corruption in the web interface of Moxa OnCell G3470A-LTE firmware version 1.6 Build 18021314 and prior. This is a different vulnerability than CVE-2018-11424.

Mitigation

Apply firmware patch from vendor.

Credits

Vulnerability was discovered by Kirill Nesterov (Kaspersky Lab).