CVE-2024-9137

CWE-306Missing Authentication3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 64.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
60
Moxa Edf-g1002-bp SeriesMoxa Edr-8010 SeriesMoxa Edr-g9004 Series+57 more
Timeline
PublishedOct 14

Description

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages60 packages

CVEListV5moxa/eds-608_series1.03.12
CVEListV5moxa/eds-611_series1.03.12
CVEListV5moxa/eds-616_series1.03.12
CVEListV5moxa/eds-619_series1.03.12
CVEListV5moxa/nat-102_series1.01.0.5

🔴Vulnerability Details

2
CVEList
Moxa Service Missing Authentication for Critical Function2024-10-14
GHSA
GHSA-c5hh-282x-jrgh: The affected product lacks an authentication check when sending commands to the server via the Moxa service2024-10-14
CVE-2024-9137 (HIGH CVSS 8.8) | The affected product lacks an authe | cvebase.io