CVE-2024-9139

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.6HIGH

EPSS

0.3%

top 49.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Edf-g1002-bp Series Moxa Edr-8010 Series Moxa Edr-810 Series +5 more

Timeline

PublishedOct 14

Description

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages8 packages

▶CVEListV5moxa/edr-810_series1.0 — 5.12.33

▶CVEListV5moxa/nat-102_series1.0 — 1.0.5

▶CVEListV5moxa/tn-4900_series1.0 — 3.6

▶CVEListV5moxa/edr-8010_series1.0 — 3.12.1

▶CVEListV5moxa/edr-g9004_series1.0 — 3.12.1

🔴Vulnerability Details

GHSA

GHSA-6vmr-rjpc-xf64: The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code↗2024-10-14

▶

CVEList

OS Command Injection in Restricted Command↗2024-10-14

▶