9.4
CVE-2024-9137
- EPSS 0.5%
- Veröffentlicht 14.10.2024 09:15:04
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle psirt@moxa.com
- CVE-Watchlists
- Unerledigt
Moxa Service Missing Authentication for Critical Function
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellermoxa
≫
Produkt
edr-g9010
Default Statusunknown
Version <=
3.12.1
Version
1.0
Status
affected
Herstellermoxa
≫
Produkt
nat-102
Default Statusunknown
Version <=
1.0.5
Version
1.0
Status
affected
Herstellermoxa
≫
Produkt
tn-4900
Default Statusunknown
Version <=
3.6
Version
1.0
Status
affected
Herstellermoxa
≫
Produkt
oncell_g4302-lte4
Default Statusunknown
Version <=
3.9
Version
1.0
Status
affected
Herstellermoxa
≫
Produkt
edf-g1002-bp
Default Statusunknown
Version <=
3.12.1
Version
1.0
Status
affected
Herstellermoxa
≫
Produkt
edr-g9004
Default Statusunknown
Version <=
3.12.1
Version
1.0
Status
affected
Herstellermoxa
≫
Produkt
edr-8010
Default Statusunknown
Version <=
3.12.1
Version
1.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.39 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@moxa.com | 8.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| psirt@moxa.com | 9.4 | 3.9 | 5.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches