Kaspersky Lab Advisory
(KL-MOXA-2018-002) Denial of service via memory corruption
Affected Hardware/Software
Moxa OnCell G3470A-LTE Firmware version 1.6 Build 18021314 and prior
Severity level
- Impact: Denial of service
- Access Vector: Remote
- CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Overall CVSS Score: 7.5
- CVE ID: CVE-2018-11424
- CWE ID: 476
Hardware/Software description
Moxa OnCell G3470A-LTE devices are industrial high speed LTE/Ethernet IP gateways
Vulnerability description
Memory corruption in the web interface Moxa OnCell G3470A-LTE version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425.
Mitigation
Apply firmware patch from vendor.
Credits
Vulnerability was discovered by Semen Rozhkov (Kaspersky Lab).