CVE-2024-9140

CWE-78 — OS Command Injection4 documents4 sources

Severity

9.3CRITICAL

EPSS

0.5%

top 32.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Edf-g1002-bp Series Moxa Edr-8010 Series Moxa Edr-g9004 Series +4 more

Timeline

PublishedJan 3

Latest updateJan 6

Description

Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages7 packages

▶CVEListV5moxa/nat-102_series1.0 — 1.0.5

▶CVEListV5moxa/tn-4900_series1.0 — 3.13

▶CVEListV5moxa/edr-8010_series1.0 — 3.13.1

▶CVEListV5moxa/edr-g9004_series1.0 — 3.13.1

▶CVEListV5moxa/edr-g9010_series1.0 — 3.13.1

🔴Vulnerability Details

GHSA

GHSA-mqhc-c63f-9fc8: Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140↗2025-01-03

▶

CVEList

CVE-2024-9140: Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140↗2025-01-03

▶

🕵️Threat Intelligence

Bleepingcomputer

Vulnerable Moxa devices expose industrial networks to attacks↗2025-01-06

▶