Unauthorized Access to Configuration Files and System Compromise via Lack of Authentication Check
CVE-2024-9137
9.4 CRITICAL
Key Information
- Vendor: Moxa
- Status
- EDR-8010 Series
- EDR-G9004 Series
- EDR-G9010 Series
- EDF-G1002-BP Series
- CVE Published: 14 October 2024
Summary
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
Affected Version(s)
EDR-8010 Series <= 3.12.1
EDR-G9004 Series <= 3.12.1
EDR-G9010 Series <= 3.12.1
References
CVSS V3.1
Score: 9.4
Severity: CRITICAL
Confidentiality: Low
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Collectors
NVD Database, Mitre Database
Credit
Lars Haulin