
Moxa Alerts Customers to High-Severity Vulnerabilities in Cellular and Secure Routers

Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution.

The list of vulnerabilities is as follows –

  • CVE-2024-9138 (CVSS 4.0 score: 8.6) – A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain root-level access to the system, leading to system compromise, unauthorized modifications, data exposure, or service disruption
  • CVE-2024-9140 (CVSS 4.0 score: 9.3) – A vulnerability that allows attackers to use special characters to bypass input restrictions, potentially leading to unauthorized command execution

The shortcomings, reported by security researcher Lars Haulin, affect the below products and firmware versions –

  • CVE-2024-9138 – EDR-810 Series (Firmware version 5.12.37 and earlier), EDR-8010 Series (Firmware version 3.13.1 and earlier), EDR-G902 Series (Firmware version 5.7.25 and earlier), EDR-G9004 Series (Firmware version 3.13.1 and earlier), EDR-G9010 Series (Firmware version 3.13.1 and earlier), EDF-G1002-BP Series (Firmware version 3.13.1 and earlier), NAT-102 Series (Firmware version 1.0.5 and earlier), OnCell G4302-LTE4 Series (Firmware version 3.13 and earlier), and TN-4900 Series (Firmware version 3.13 and earlier)
  • CVE-2024-9140 – EDR-8010 Series (Firmware version 3.13.1 and earlier), EDR-G9004 Series (Firmware version 3.13.1 and earlier), EDR-G9010 Series (Firmware version 3.13.1 and earlier), EDF-G1002-BP Series (Firmware version 3.13.1 and earlier), NAT-102 Series (Firmware version 1.0.5 and earlier), OnCell G4302-LTE4 Series (Firmware version 3.13 and earlier), and TN-4900 Series (Firmware version 3.13 and earlier)
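
For triaging a device inventory against the ranges listed above, the following is an added example, not code from Moxa or the original article. The thresholds are transcribed from the list above; the inventory rows, hostnames, and the prefix-based model matching are assumptions. It only reports whether a firmware version falls inside a listed affected range.

```python
import re

def _both(v):
    # Series listed above under both CVEs with the same threshold.
    return {"CVE-2024-9138": v, "CVE-2024-9140": v}

# series prefix -> {CVE: highest affected firmware version per the list above}
AFFECTED = {
    "EDR-810": {"CVE-2024-9138": "5.12.37"},
    "EDR-G902": {"CVE-2024-9138": "5.7.25"},
    "EDR-8010": _both("3.13.1"),
    "EDR-G9004": _both("3.13.1"),
    "EDR-G9010": _both("3.13.1"),
    "EDF-G1002-BP": _both("3.13.1"),
    "NAT-102": _both("1.0.5"),
    "ONCELL G4302-LTE4": _both("3.13"),
    "TN-4900": _both("3.13"),
}

def parse_version(text):
    """'v3.13' -> (3, 13, 0); raises ValueError on anything non-numeric."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+){0,2})", text.strip())
    if not m:
        raise ValueError(f"unparsable firmware version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad so 3.13 < 3.13.1

def match_series(model):
    """Map a full model string to a series key (assumed: series is a prefix)."""
    name = model.strip().upper()
    hits = [s for s in AFFECTED if name.startswith(s)]
    return max(hits, key=len) if hits else None  # longest prefix wins

def triage(model, firmware):
    """Return the sorted CVE IDs whose listed range covers this unit."""
    series = match_series(model)
    if series is None:
        return []
    current = parse_version(firmware)
    return sorted(cve for cve, last_bad in AFFECTED[series].items()
                  if current <= parse_version(last_bad))

# Constructed sample inventory (hostname, model, firmware); not real devices.
INVENTORY = [("rtr-plant-a", "EDR-810-2GSFP", "5.12.33"),
             ("rtr-plant-b", "EDR-8010-2GSFP", "v3.13"),
             ("rtr-plant-c", "EDR-G9010-VPN-2MGSFP", "3.14"),
             ("nat-cell-1", "NAT-102", "1.0.5")]

if __name__ == "__main__":
    for host, model, fw in INVENTORY:
        print(f"{host}: {', '.join(triage(model, fw)) or 'outside listed ranges'}")
```

A unit reported as outside the listed ranges still needs the SSH and exposure mitigations checked separately, since the script looks only at firmware versions.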

Patches have been made available for the following versions –

  • EDR-810 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-8010 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-G902 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-G903 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-G9004 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-G9010 Series (Upgrade to the firmware version 3.14 or later)
  • EDF-G1002-BP Series (Upgrade to the firmware version 3.14 or later)
  • NAT-102 Series (No official patch available)
  • OnCell G4302-LTE4 Series (Please contact Moxa Technical Support)
  • TN-4900 Series (Please contact Moxa Technical Support)

As mitigations, it is recommended to ensure that devices are not exposed to the internet, limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers, and implement measures to detect and prevent exploitation attempts.
