← voltar
CVE-2024-9137

Moxa Service Missing Authentication for Critical Function

CVSS 8.8 HIGHEPSS 0.5%CWE-306
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.8EPSS 0.5%KEV nãoPoC Patch referenciado
Ciclo de vida
14 out 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Moxa · EDF-G1002-BP SeriesMoxa · EDR-8010 SeriesMoxa · EDR-G9004 SeriesMoxa · EDR-G9010 SeriesMoxa · EDS-405A SeriesMoxa · EDS-408A SeriesMoxa · EDS-505A SeriesMoxa · EDS-508A SeriesMoxa · EDS-510A SeriesMoxa · EDS-510E SeriesMoxa · EDS-516A SeriesMoxa · EDS-518A SeriesMoxa · EDS-518E SeriesMoxa · EDS-528E SeriesMoxa · EDS-608 SeriesMoxa · EDS-611 SeriesMoxa · EDS-616 SeriesMoxa · EDS-619 SeriesMoxa · EDS-G508E SeriesMoxa · EDS-G509 SeriesMoxa · EDS-G512E SeriesMoxa · EDS-G516E SeriesMoxa · EDS-P506E SeriesMoxa · EDS-P510A SeriesMoxa · EDS-P510 SeriesMoxa · ICS-G7526A SeriesMoxa · ICS-G7528A SeriesMoxa · ICS-G7748A SeriesMoxa · ICS-G7750A SeriesMoxa · ICS-G7752A SeriesMoxa · ICS-G7826A SeriesMoxa · ICS-G7828A SeriesMoxa · ICS-G7848A SeriesMoxa · ICS-G7850A SeriesMoxa · ICS-G7852A SeriesMoxa · IKS-6726A SeriesMoxa · IKS-6728A SeriesMoxa · IKS-G6524A SeriesMoxa · IKS-G6824A SeriesMoxa · NAT-102 SeriesMoxa · OnCell G4302-LTE4 SeriesMoxa · PT-7728 SeriesMoxa · PT-7828 SeriesMoxa · PT-G503 SeriesMoxa · PT-G510 SeriesMoxa · PT-G7728 SeriesMoxa · PT-G7828 SeriesMoxa · SDS-3006 SeriesMoxa · SDS-3008 SeriesMoxa · SDS-3010 SeriesMoxa · SDS-3016 SeriesMoxa · SDS-G3006 SeriesMoxa · SDS-G3008 SeriesMoxa · SDS-G3010 SeriesMoxa · SDS-G3016 SeriesMoxa · TN-4500A SeriesMoxa · TN-4900 SeriesMoxa · TN-5500A SeriesMoxa · TN-G4500 SeriesMoxa · TN-G6500 Series

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-applianceshttps://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches