CVE-2024-9138
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | EDR-810 Series | 1.0 <= 5.12.37 | affected |
| Moxa | EDR-8010 Series | 1.0 <= 3.13.1 | affected |
| Moxa | EDR-G902 Series | 1.0 <= 5.7.25 | affected |
| Moxa | EDR-G903 Series | 1.0 <= 5.7.25 | affected |
| Moxa | EDR-G9004 Series | 1.0 <= 3.13.1 | affected |
| Moxa | EDR-G9010 Series | 1.0 <= 3.13.1 | affected |
| Moxa | EDF-G1002-BP Series | 1.0 <= 3.13.1 | affected |
| Moxa | NAT-102 Series | 1.0 <= 1.0.5 | affected |
| Moxa | OnCell G4302-LTE4 Series | 1.0 <= 3.13 | affected |
| Moxa | TN-4900 Series | 1.0 <= 3.13 | affected |
Weaknesses
- CWE-656: CWE-656: Reliance on Security Through Obscurity
Workarounds
Minimize network exposure to ensure the device is not accessible from the Internet.
Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.