Description
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
Reserved 2024-09-24 | Published 2024-10-14 | Updated 2025-01-17 | Assigner Moxa
HIGH: 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
CRITICAL: 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Problem types
CWE-306 Missing Authentication for Critical Function
Product status
Default status
unaffected
1.0
affected
Credits
Lars Haulin finder
References
www.moxa.com/...s-in-routers-and-network-security-appliances vendor-advisory
www.moxa.com/...ntication-vulnerability-in-ethernet-switches vendor-advisory
cve.org (CVE-2024-9137)
nvd.nist.gov (CVE-2024-9137)