
Description

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

PUBLISHED Reserved 2024-09-24 | Published 2024-10-14 | Updated 2025-09-19 | Assigner Moxa




HIGH: 8.8 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

3.14.4 (custom)
unaffected

Default status
unaffected

1.0 (custom)
affected

3.14.6 (custom)
unaffected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Credits

Lars Haulin (finder)

References

www.moxa.com/...s-in-routers-and-network-security-appliances vendor-advisory

www.moxa.com/...ntication-vulnerability-in-ethernet-switches vendor-advisory

cve.org (CVE-2024-9137)

nvd.nist.gov (CVE-2024-9137)
