Bug Bounty Platform Vulnerability Allows Arbitrary Code Execution
CVE-2024-9139
7.2HIGH
Key Information
- Vendor
- Moxa
- Status
- Edr-8010 Series
- Edr-g9004 Series
- Edr-g9010 Series
- Edf-g1002-bp Series
- Vendor
- CVE Published:
- 14 October 2024
Summary
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.
Affected Version(s)
EDR-8010 Series <= 3.12.1
EDR-G9004 Series <= 3.12.1
EDR-G9010 Series <= 3.12.1
Refferences
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD DatabaseMitre Database
Credit
Lars Haulin