#VU103041 Missing Authentication for Critical Function in Moxa products - CVE-2024-9137
Published: January 20, 2025
Vulnerability identifier: #VU103041
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-9137
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
EDS-608 Series
EDS-611 Series
EDS-616 Series
EDS-619 Series
EDS-405A Series
EDS-408A Series
EDS-505A Series
EDS-508A Series
EDS-510A Series
EDS-516A Series
EDS-518A Series
EDS-G509 Series
EDS-P510 Series
EDS-P510A Series
EDS-510E Series
EDS-518E Series
EDS-528E Series
EDS-G508E Series
EDS-G512E Series
EDS-G516E Series
EDS-P506E Series
ICS-G7526A Series
ICS-G7528A Series
ICS-G7748A Series
ICS-G7750A Series
ICS-G7752A Series
ICS-G7826A Series
ICS-G7828A Series
ICS-G7848A Series
ICS-G7850A Series
ICS-G7852A Series
IKS-G6524A Series
IKS-6726A Series
IKS-6728A Series
IKS-6728A-8POE Series
IKS-G6824A Series
SDS-3006 Series
SDS-3008 Series
SDS-3010 Series
SDS-3016 Series
SDS-G3006 Series
SDS-G3008 Series
SDS-G3010 Series
SDS-G3016 Series
PT-7728 Series
PT-7828 Series
PT-G503 Series
PT-G510 Series
PT-G7728 Series
PT-G7828 Series
TN-4500A Series
TN-5500A Series
TN-G4500 Series
TN-G6500 Series
Software vendor:
Moxa
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a missing authentication check when sending commands to the server via the Moxa service. A remote attacker can execute arbitrary code on the system.
Remediation
Install updates from the vendor's website.
External links
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches