Unauthorized Access to Configuration Files and System Compromise via Lack of Authentication Check
CVE-2024-9137

8.8HIGH

Key Information:

Vendor
Moxa
Status
Edr-8010 Series
Edr-g9004 Series
Edr-g9010 Series
Edf-g1002-bp Series
Vendor
CVE Published:
14 October 2024

Summary

An authentication check vulnerability exists in Moxa routers and network security appliances when commands are sent to the server via the Moxa service. This flaw enables attackers to execute predefined commands remotely, which may lead to unauthorized upload or download of configuration files, posing significant risks to system integrity and security. Without proper authentication mechanisms in place, the likelihood of exploitation increases, potentially compromising sensitive data and system functionality.

Affected Version(s)

EDF-G1002-BP Series 1.0 <= 3.12.1

EDR-8010 Series 1.0 <= 3.12.1

EDR-G9004 Series 1.0 <= 3.12.1

References

https://www.moxa.com/en/support/product-support/security-...
vendor-advisory
https://www.moxa.com/en/support/product-support/security-...
vendor-advisory

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

Credit

Lars Haulin
.