CVE-2024-9137 (CVSS 9.4) in Moxa’s Cellular Routers and Security Appliances: Immediate Patching Required


In a recently disclosed security advisory, Moxa has revealed two critical vulnerabilities affecting its cellular routers, secure routers, and network security appliances. These vulnerabilities, tracked as CVE-2024-9137 and CVE-2024-9139, pose significant risks, allowing attackers to gain unauthorized access and execute arbitrary commands on vulnerable systems.

Vulnerability types and potential impacts:

The first vulnerability, identified as CVE-2024-9137, allows attackers to manipulate device configurations without the need for authentication. This vulnerability carries a CVSS score of 9.4, indicating its high severity. According to the advisory, the affected product “lacks an authentication check when sending commands to the server via the Moxa service.” An attacker exploiting this vulnerability could execute specific commands, “potentially leading to unauthorized downloads or uploads of configuration files and system compromise.”

The second vulnerability, designated as CVE-2024-9139, permits OS command injection through improperly restricted commands. With a CVSS score of 7.2, it is also considered a serious threat. It “potentially allows attackers to execute arbitrary code” by exploiting the improperly restricted commands.

Affected products and firmware versions:

The following Moxa products and firmware versions are affected by these vulnerabilities:

  • EDR-8010 Series (Firmware version 3.12.1 and earlier)
  • EDR-G9004 Series (Firmware version 3.12.1 and earlier)
  • EDR-G9010 Series (Firmware version 3.12.1 and earlier)
  • NAT-102 Series (Firmware version 1.0.5 and earlier)
  • OnCell G4302-LTE4 Series (Firmware version 3.9 and earlier)
  • TN-4900 Series (Firmware version 3.6 and earlier)

Solutions and mitigations:

Moxa has released firmware updates to address these vulnerabilities for most of the affected products. Users are strongly advised to upgrade to the latest firmware version 3.13 for the EDR series, OnCell G4302-LTE4 Series, and TN-4900 Series. For the NAT-102 Series, contacting Moxa Technical Support for the security patch is recommended.
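To turn the affected-version list and the remediation guidance above into a fleet check, the following added example (not part of the advisory or of any Moxa tooling) triages an asset inventory. The CSV columns `host`, `model` and `firmware`, the hostnames, and the prefix match on the series name are assumptions; versions are compared numerically, because a string comparison would rank 3.9 above 3.12.1 and miss an affected device.

```python
import csv

# Last affected firmware per series and the remediation, as listed in this article.
UPGRADE = "upgrade to firmware 3.13"
AFFECTED = {
    "EDR-8010": ("3.12.1", UPGRADE),
    "EDR-G9004": ("3.12.1", UPGRADE),
    "EDR-G9010": ("3.12.1", UPGRADE),
    "NAT-102": ("1.0.5", "contact Moxa Technical Support for the security patch"),
    "OnCell G4302-LTE4": ("3.9", UPGRADE),
    "TN-4900": ("3.6", UPGRADE),
}

def parse_version(text):
    """Turn '3.12.1' or 'v3.9' into a tuple of ints; raises ValueError if unreadable."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def is_affected(version, last_affected):
    a, b = parse_version(version), parse_version(last_affected)
    width = max(len(a), len(b))  # pad so 3.12.1.0 compares equal to 3.12.1
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))

def triage(inventory_csv):
    """Return (host, series, firmware, action) for every device that needs work."""
    findings = []
    for row in csv.DictReader(inventory_csv.splitlines()):
        series = next((s for s in AFFECTED if row["model"].upper().startswith(s.upper())), None)
        if series is None:
            continue  # model is not in the advisory's affected list
        last_affected, action = AFFECTED[series]
        try:
            vulnerable = is_affected(row["firmware"], last_affected)
        except ValueError:
            vulnerable, action = True, "firmware version unreadable, verify manually"
        if vulnerable:
            findings.append((row["host"], series, row["firmware"], action))
    return findings

# Constructed sample inventory (hostnames and firmware values are illustrative).
SAMPLE = """host,model,firmware
site-a-rtr1,EDR-G9010,3.9
site-a-rtr2,EDR-8010,3.13
site-b-nat1,NAT-102,1.0.5
site-c-lte1,OnCell G4302-LTE4,v3.9
site-d-other,unlisted-model,1.0
site-e-rtr1,EDR-G9004,unknown
"""
if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Devices whose firmware string cannot be parsed are reported rather than skipped, so an incomplete inventory does not hide an exposed unit.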

In addition to updating firmware, Moxa recommends several mitigation strategies:

  • Minimize network exposure for the devices, ensuring they are not directly accessible from the internet.
  • Restrict SSH access to trusted IP addresses and networks by implementing firewall rules or TCP wrappers.
  • Deploy an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) to monitor network traffic for malicious activities and prevent potential exploitation attempts.

Users of Moxa’s cellular routers, secure routers, and network security appliances are urged to review the security advisory and take immediate action to mitigate the risk posed by these vulnerabilities.
