CVE-2024-4640

7.1 HIGH

📋 TL;DR

OnCell G3470A-LTE Series devices with firmware v1.7.7 and earlier have a buffer overflow vulnerability due to missing bounds checking. An attacker could crash the device by writing beyond allocated memory buffers. This affects industrial cellular routers used in critical infrastructure and industrial control systems.

💻 Affected Systems

Products:
  • Moxa OnCell G3470A-LTE Series
Versions: v1.7.7 and prior
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or disruption of industrial operations.

🟠 Likely Case

Denial of service through device crash, disrupting network connectivity and industrial processes.

🟢 If Mitigated

Limited impact if devices are behind firewalls with restricted access and proper network segmentation.

🌐 Internet-Facing: HIGH - These devices are often deployed at remote sites with internet connectivity for management.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this if they have network access to the devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow vulnerabilities are commonly exploited, though no specific exploit code is publicly available for this CVE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.7.8 or later

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities

Restart Required: Yes

Instructions:

1. Download firmware v1.7.8 or later from the Moxa website.
2. Log into the device web interface.
3. Navigate to System Maintenance > Firmware Upgrade.
4. Upload the new firmware file.
5. Confirm the upgrade and wait for the device to reboot.

🔧 Temporary Workarounds

Network segmentation

all

Isolate OnCell devices in separate network segments with strict firewall rules.

Access restriction

all

Restrict web interface access to trusted management IP addresses only.

🧯 If You Can't Patch

  • Deploy network-based intrusion prevention systems (IPS) to detect and block buffer overflow attempts.
  • Implement strict network segmentation to limit device exposure and contain potential compromise.

🔍 How to Verify

Check if Vulnerable:

Log into device web interface and check firmware version under System Information.

Check Version:

No CLI command - check via web interface at System Information page.

Verify Fix Applied:

Confirm firmware version is v1.7.8 or later after upgrade.
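
Because the version can only be read from the web interface, a fleet is usually audited from a recorded inventory. The following is an added example, not code from Moxa or from this page: it classifies firmware strings against the v1.7.8 fix using numeric comparison, so that v1.7.10 is not mistaken for an older release. The `host,firmware` inventory format, the hostnames and the build suffix are constructed assumptions.

```python
import re

FIXED = (1, 7, 8)  # first fixed firmware version per the advisory above

# Constructed sample inventory: hostname, firmware string as copied from the
# System Information page. Hostnames and the build suffix are made up.
SAMPLE_INVENTORY = """\
site-a-rtr01,v1.7.7
site-b-rtr02,1.7.8 Build 24010100
site-c-rtr03,V1.7.10
site-d-rtr04,v1.6
site-e-rtr05,unknown
"""

_VERSION_RE = re.compile(r"[vV]?(\d+(?:\.\d+)*)")


def parse_version(text):
    """Return the leading dotted version as a 3-int tuple, or None if absent."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad short versions: "1.6" -> (1, 6, 0)
    return tuple(parts[:3])


def classify(firmware):
    """'vulnerable' (< 1.7.8), 'fixed' (>= 1.7.8) or 'unknown' (unparseable)."""
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # do not assume safe; check the device by hand
    return "fixed" if version >= FIXED else "vulnerable"


def audit(inventory_text):
    """Map hostname -> status for each 'host,firmware' line."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, firmware = line.partition(",")
        results[host.strip()] = classify(firmware)
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
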

📡 Detection & Monitoring

Log Indicators:

  • Device crash/reboot logs
  • Web interface access from unusual IPs
  • Memory allocation errors

Network Indicators:

  • Unusual traffic patterns to device web ports
  • HTTP requests with oversized payloads

SIEM Query:

source="oncell-g3470a" AND (event_type="crash" OR event_type="reboot")
