SUMMARY

CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series

  • Security Advisory ID: MPSA-240930
  • Version: V1.0
  • Release Date: Dec 04, 2024
  • Reference: CVE-2024-9404 (Moxa)

Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service.

This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation.


The Identified Vulnerability Type and Potential Impact

| Item | Vulnerability Type | Impact |
|------|--------------------|--------|
| 1 | CWE-1287: Improper Validation of Specified Type of Input (CVE-2024-9404) | This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems. |

Vulnerability Scoring Details 

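| ID | Base Score | Vector | Unauthenticated Remote Exploits |
|----|------------|--------|---------------------------------|
| CVE-2024-9404 | CVSS 4.0: 6.9 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | Yes |
| CVE-2024-9404 | CVSS 3.1: 5.3 | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N | Yes |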

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are listed below.

| Product Series | Affected Versions |
|----------------|-------------------|
| VPort 07-3 Series | Firmware version 1.0 |

Solutions:

Moxa has developed appropriate solutions to address the vulnerability. The solutions for the affected products are listed below.

| Product Series | Solutions |
|----------------|-----------|
| VPort 07-3 Series | Upgrade to firmware version 1.1 or later |

Mitigation:

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
  • Implement an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.
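
The solution and mitigation items above can be checked against a device inventory. The following is an added example, not Moxa's code: a Python triage script that flags VPort 07-3 devices below firmware 1.1 and, for those, whether they are Internet-facing or accept SSH from outside trusted networks. The inventory columns, host names and the trusted network 10.20.0.0/24 are constructed assumptions.

```python
import csv
import io
import ipaddress

AFFECTED_SERIES = "VPort 07-3"   # product series named in the advisory
FIXED_VERSION = (1, 1)           # advisory: upgrade to firmware 1.1 or later

# Assumption: the networks your site treats as trusted for SSH management.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample inventory (not real devices); the column names are assumptions.
SAMPLE_INVENTORY = """host,model,firmware,internet_facing,ssh_allowed_from
cam-01,VPort 07-3,1.0,yes,0.0.0.0/0
cam-02,VPort 07-3,1.0,no,10.20.0.0/28
cam-03,VPort 07-3,1.1,no,10.20.0.0/24
cam-04,VPort 07-3,1.0,no,10.20.0.0/24;192.168.0.0/16
"""

def parse_version(text):
    """Turn '1.0' or 'v1.10' into a comparable tuple such as (1, 10)."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def ssh_restricted(allowed_from):
    """True only if every allowed source range sits inside a trusted network."""
    ranges = [ipaddress.ip_network(r.strip()) for r in allowed_from.split(";") if r.strip()]
    return bool(ranges) and all(
        any(r.version == t.version and r.subnet_of(t) for t in TRUSTED_NETS) for r in ranges
    )

def triage(inventory_csv):
    """Return (host, findings) for each affected-series device still needing action."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["model"].startswith(AFFECTED_SERIES):
            continue
        findings = []
        if parse_version(row["firmware"]) < FIXED_VERSION:
            findings.append("upgrade firmware to 1.1 or later")
            if row["internet_facing"].lower() == "yes":
                findings.append("remove Internet exposure")
            if not ssh_restricted(row["ssh_allowed_from"]):
                findings.append("restrict SSH to trusted networks")
        if findings:
            results.append((row["host"], findings))
    return results

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_INVENTORY):
        print(host, "->", "; ".join(findings))
```

Devices already on firmware 1.1 or later are not reported; unpatched devices list the interim mitigations that are still missing.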

 

Acknowledgement:

We would like to express our gratitude to YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa's cybersecurity testing team for reporting the vulnerability, collaborating with us to enhance the security of our products, and contributing to our efforts to deliver better service to our customers.

 

Revision History:

| VERSION | DESCRIPTION | RELEASE DATE |
|---------|-------------|--------------|
| 1.0 | First release | December 4, 2024 |
| 1.1 | Corrected CVE-2024-9404 information | January 3, 2025 |
