CVE-2024-9140

Summary

Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality.

Affected Software

VendorProductVersion RangeStatus
MoxaEDR-8010 Series1.0 <= 3.13.1affected
MoxaEDR-G9004 Series1.0 <= 3.13.1affected
MoxaEDR-G9010 Series1.0 <= 3.13.1affected
MoxaEDF-G1002-BP Series1.0 <= 3.13.1affected
MoxaNAT-102 Series1.0 <= 1.0.5affected
MoxaOnCell G4302-LTE4 Series1.0 <= 3.13affected
MoxaTN-4900 Series1.0 <= 3.13affected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Workarounds

  • Minimize network exposure to ensure the device is not accessible from the Internet.

  • Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.

  • Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References