Unauthorized Access to Configuration Files and System Compromise via Lack of Authentication Check
CVE-2024-9137

8.8HIGH

Key Information:

Vendor: Moxa
Status: Edr-8010 Series; Edr-g9004 Series; Edr-g9010 Series; Edf-g1002-bp Series
Vendor: CVE Published:; 14 October 2024

What is CVE-2024-9137?

An authentication check vulnerability exists in Moxa routers and network security appliances when commands are sent to the server via the Moxa service. This flaw enables attackers to execute predefined commands remotely, which may lead to unauthorized upload or download of configuration files, posing significant risks to system integrity and security. Without proper authentication mechanisms in place, the likelihood of exploitation increases, potentially compromising sensitive data and system functionality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EDF-G1002-BP Series 1.0 <= 3.12.1

EDR-8010 Series 1.0 <= 3.12.1

EDR-G9004 Series 1.0 <= 3.12.1

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 14, 2024

Credit

Lars Haulin

JSON

Moxa