Description

This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.

PUBLISHED Reserved 2024-10-01 | Published 2024-12-04 | Updated 2025-08-27 | Assigner Moxa




MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device’s core functions, and after an automatic restart, the service resumes normal operation.

MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Limited Impact: In some cases, the vulnerability may only cause the network server service (HTTPS on port 443) to restart. This does not disrupt the device’s core functions, and after an automatic restart, the service resumes normal operation.

HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions.

HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Higher Impact: In more severe exploitation scenarios, attackers can leverage the Moxa service (moxa_cmd), originally intended for deployment purposes. Due to insufficient input validation, this can lead to a cold start or a denial-of-service (DoS) condition, resulting in a full device reboot and potential service disruptions.

Problem types

CWE-1287: Improper Validation of Specified Type of Input

Product status

Default status
unaffected

1.0 (custom)
affected

Credits

YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa's cybersecurity testing team finder

References

www.moxa.com/...rability-identified-in-the-vport-07-3-series vendor-advisory

www.moxa.com/...-in-multiple-eds,-ics,-iks,-and-sds-switches vendor-advisory

www.moxa.com/...erability-identified-in-multiple-pt-switches vendor-advisory

cve.org (CVE-2024-9404)

nvd.nist.gov (CVE-2024-9404)