SUMMARY

Missing Authentication and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances

Moxa’s cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that could lead to unauthorized access and system compromise. The first vulnerability, CVE-2024-9137, allows attackers to manipulate device configurations without authentication. The second vulnerability, CVE-2024-9139, permits OS command injection through improperly restricted commands, potentially enabling attackers to execute arbitrary code. These vulnerabilities pose a significant security risk, and it is highly recommended to take immediate action to prevent potential exploitation.


The identified vulnerability types and potential impacts are listed below:

Item 1: CWE-306: Missing Authentication for Critical Function (CVE-2024-9137)
Impact: The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

Item 2: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CVE-2024-9139)
Impact: The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

Vulnerability Scoring Details

ID              CVSS Vector                                                               Unauthenticated Remote Exploits
CVE-2024-9137   CVSS 3.1: 9.4  AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H                        Yes
                CVSS 4.0: 8.8  AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2024-9139   CVSS 3.1: 7.2  AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H                        No
                CVSS 4.0: 8.6  AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

AFFECTED PRODUCTS AND SOLUTIONS

The Products Affected by CVE-2024-9137:

The affected products and firmware versions are listed below.

Product Series             Affected Versions
EDR-8010 Series            Firmware version 3.12.1 and earlier versions
EDR-G9004 Series           Firmware version 3.12.1 and earlier versions
EDR-G9010 Series           Firmware version 3.12.1 and earlier versions
EDF-G1002-BP Series        Firmware version 3.12.1 and earlier versions
NAT-102 Series             Firmware version 1.0.5 and earlier versions
OnCell G4302-LTE4 Series   Firmware version 3.9 and earlier versions
TN-4900 Series             Firmware version 3.6 and earlier versions
The Products Affected by CVE-2024-9139:

The affected products and firmware versions are listed below.

Product Series             Affected Versions
EDR-8010 Series            Firmware version 3.12.1 and earlier versions
EDR-G9004 Series           Firmware version 3.12.1 and earlier versions
EDR-G9010 Series           Firmware version 3.12.1 and earlier versions
EDF-G1002-BP Series        Firmware version 3.12.1 and earlier versions
NAT-102 Series             Firmware version 1.0.5 and earlier versions
OnCell G4302-LTE4 Series   Firmware version 3.9 and earlier versions
TN-4900 Series             Firmware version 3.6 and earlier versions
EDR-810 Series             Firmware version 5.12.33 and earlier versions
Solutions:

Moxa has developed appropriate solutions to address these vulnerabilities. The solutions for the affected products are listed below.

Product Series             Solutions
EDR-8010 Series            Upgrade to firmware version 3.13 or a later version
EDR-G9004 Series           Upgrade to firmware version 3.13 or a later version
EDR-G9010 Series           Upgrade to firmware version 3.13 or a later version
EDF-G1002-BP Series        Upgrade to firmware version 3.13 or a later version
NAT-102 Series             Please contact Moxa Technical Support for further assistance
OnCell G4302-LTE4 Series   Upgrade to firmware version 3.13 or a later version
TN-4900 Series             Upgrade to firmware version 3.13 or a later version
EDR-810 Series             Upgrade to firmware version 5.12.37 or a later version
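The affected-version tables for CVE-2024-9137 and CVE-2024-9139 and the Solutions table above differ in one row (EDR-810 is listed only for CVE-2024-9139) and in one remediation (NAT-102 has no firmware fix listed), which makes a manual inventory check easy to get wrong. The script below is an added example, not Moxa's code: it encodes the three tables exactly as printed and evaluates a device inventory against them. The inventory rows are constructed sample data, not real devices, and the series names are used without the "Series" suffix. Version comparison pads shorter version strings with zeros, so "3.6.0" is treated as equal to the "3.6" ceiling rather than as a later release.

```python
"""Inventory check against this advisory's affected-version and fixed-version
tables (added example, not part of the Moxa advisory)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# "Firmware version X and earlier versions" ceilings, straight from the tables.
AFFECTED_THROUGH = {
    "CVE-2024-9137": {
        "EDR-8010": "3.12.1",
        "EDR-G9004": "3.12.1",
        "EDR-G9010": "3.12.1",
        "EDF-G1002-BP": "3.12.1",
        "NAT-102": "1.0.5",
        "OnCell G4302-LTE4": "3.9",
        "TN-4900": "3.6",
    },
}
# CVE-2024-9139 covers the same series plus EDR-810.
AFFECTED_THROUGH["CVE-2024-9139"] = dict(
    AFFECTED_THROUGH["CVE-2024-9137"], **{"EDR-810": "5.12.33"}
)

# Fixed firmware from the Solutions table; None means no firmware fix is
# listed and Moxa Technical Support must be contacted.
FIXED_IN = {
    "EDR-8010": "3.13",
    "EDR-G9004": "3.13",
    "EDR-G9010": "3.13",
    "EDF-G1002-BP": "3.13",
    "NAT-102": None,
    "OnCell G4302-LTE4": "3.13",
    "TN-4900": "3.13",
    "EDR-810": "5.12.37",
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '3.12.1' (optionally 'v3.12.1') into a comparable integer tuple."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1; shorter tuples are zero-padded so 3.6 == 3.6.0."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


@dataclass
class Finding:
    series: str
    version: str
    affected_cves: list[str] = field(default_factory=list)
    action: str = "no action required"


def assess(series: str, version: str) -> Finding:
    """Decide which advisory CVEs apply to one device and what to do about it."""
    finding = Finding(series, version)
    if series not in FIXED_IN:
        finding.action = "not listed in this advisory"
        return finding
    for cve, ceilings in AFFECTED_THROUGH.items():
        if series in ceilings and compare_versions(version, ceilings[series]) <= 0:
            finding.affected_cves.append(cve)
    if finding.affected_cves:
        fixed = FIXED_IN[series]
        finding.action = (f"upgrade to firmware {fixed} or later" if fixed
                          else "contact Moxa Technical Support")
    return finding


def assess_inventory(inventory: list[tuple[str, str]]) -> list[Finding]:
    return [assess(series, version) for series, version in inventory]


# Constructed sample inventory (hypothetical devices, not real assets).
SAMPLE_INVENTORY = [
    ("EDR-8010", "3.12.1"),
    ("EDR-810", "5.12.33"),
    ("EDR-810", "5.12.37"),
    ("NAT-102", "1.0.5"),
    ("TN-4900", "3.6.0"),
    ("EDR-G9010", "3.13"),
]

if __name__ == "__main__":
    for f in assess_inventory(SAMPLE_INVENTORY):
        cves = ", ".join(f.affected_cves) or "-"
        print(f"{f.series:<20}{f.version:<10}{cves:<30}{f.action}")
```

Feed it your own (series, firmware) pairs instead of SAMPLE_INVENTORY; anything reported as "contact Moxa Technical Support" or "not listed" needs a human decision rather than an automated upgrade ticket.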
Mitigations:

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.
  • Implement an intrusion detection system (IDS) or intrusion prevention system (IPS) to detect and prevent exploitation attempts. These systems provide an additional layer of defense by monitoring network traffic for signs of attacks.
Acknowledgment

We would like to express our appreciation to Lars Haulin for reporting the vulnerability, collaborating with us to enhance the security of our products, and helping us deliver better service to our customers.
Revision History:

VERSION   DESCRIPTION                                                                                                      RELEASE DATE
1.0       First release                                                                                                    October 14, 2024
1.1       Acknowledgment section has been added. Mitigations section has been updated to reflect the latest recommendations.   October 15, 2024
1.2       Updated the solutions for the affected product, EDR-810 Series.                                                  October 25, 2024
1.3       Updated the solution for the affected product, NAT-102 Series.                                                   November 22, 2024

Relevant Products

EDF-G1002-BP Series · EDR-8010 Series · EDR-810 Series · EDR-G9004 Series · EDR-G9010 Series · NAT-102 Series · OnCell G4302-LTE4 Series · TN-4900 Series