CVE-2024-9138

CWE-656 CWE-284 — Improper Access Control5 documents5 sources

Severity

8.6HIGH

EPSS

0.1%

top 68.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Edf-g1002-bp Series Moxa Edr-8010 Series Moxa Edr-810 Series +7 more

Timeline

PublishedJan 3

Latest updateJan 6

Description

Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages10 packages

▶CVEListV5moxa/edr-810_series1.0 — 5.12.37

▶CVEListV5moxa/nat-102_series1.0 — 1.0.5

▶CVEListV5moxa/tn-4900_series1.0 — 3.13

▶CVEListV5moxa/edr-8010_series1.0 — 3.13.1

▶CVEListV5moxa/edr-g902_series1.0 — 5.7.25

🔴Vulnerability Details

CVEList

Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances↗2025-01-03

▶

GHSA

GHSA-wv93-f9g8-qg2r: Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138↗2025-01-03

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2024-10-08

▶

🕵️Threat Intelligence

Bleepingcomputer

Vulnerable Moxa devices expose industrial networks to attacks↗2025-01-06

▶