Kaspersky Lab Advisory
(KL-MOXA-2018-003) Buffer overflow
Affected Hardware/Software
Moxa OnCell G3470A-LTE Firmware version 1.6 Build 18021314 and prior
Severity level
- Impact: Remote code execution
- Access Vector: Remote
- CVSS v3 Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Overall CVSS Score: 8.0
- CVE ID: CVE-2018-11425
- CWE ID: 120
Hardware/Software description
Moxa OnCell G3470A-LTE devices are industrial high speed LTE/Ethernet IP gateways
Vulnerability description
Memory corruption in the web interface Moxa OnCell G3470A-LTE version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.
Mitigation
Apply firmware patch from vendor.
Credits
Vulnerability was discovered by Kirill Nesterov (Kaspersky Lab).