Moxa, a leading provider of industrial networking and communication solutions, has issued a security advisory warning of two critical vulnerabilities affecting their cellular routers, secure routers, and network security appliances. These vulnerabilities, identified as CVE-2024-9138 and CVE-2024-9140, could allow attackers to gain unauthorized access to systems and execute commands, potentially compromising sensitive data and disrupting critical infrastructure.
CVE-2024-9138 (CVSS 7.2): Hard-coded Credentials
This vulnerability involves the use of hard-coded credentials, which could allow an authenticated user to escalate privileges and gain root-level access to the system. Moxa warns that “exploitation of hard-coded credentials could allow an authenticated user to gain root-level access, leading to system compromise, unauthorized modifications, data exposure, or service disruption.”
CVE-2024-9140 (CVSS 9.8): Input Validation Bypass
The second vulnerability, CVE-2024-9140, allows attackers to exploit special characters to bypass input restrictions, potentially leading to unauthorized command execution. Moxa’s advisory states that “the affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.”
Affected Products
A wide range of Moxa products are affected by these vulnerabilities, including:
- EDR-810 Series
- EDR-8010 Series
- EDR-G902 Series
- EDR-G903 Series
- EDR-G9004 Series
- EDR-G9010 Series
- EDF-G1002-BP Series
- NAT-102 Series
- OnCell G4302-LTE4 Series
- TN-4900 Series
Solutions and Mitigations
Moxa has released firmware updates to address these vulnerabilities for most of the affected products. However, for the NAT-102 Series, an official patch is not yet available. Moxa recommends users of this product to “minimize network exposure” and “limit SSH access to trusted IP addresses and networks” as mitigations.
Recommendations
Users of Moxa products are strongly advised to review the security advisory and take immediate action to mitigate the risk of exploitation. This includes:
- Upgrading to the latest firmware versions.
- Implementing network security measures, such as firewalls and intrusion detection systems.
- Monitoring systems for suspicious activity.
Moxa has acknowledged Lars Haulin for reporting the vulnerability and collaborating with them to enhance the security of their products.
