
SUMMARY

Privilege Escalation and OS Command Injection Vulnerabilities in Cellular Routers, Secure Routers, and Network Security Appliances

Moxa’s cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that pose a significant security risk.

  • CVE-2024-9138: This vulnerability involves hard-coded credentials, which could allow an authenticated user to escalate privileges and gain root-level access to the system.
  • CVE-2024-9140: This vulnerability allows attackers to exploit special characters to bypass input restrictions, potentially leading to unauthorized command execution.

Immediate action is strongly recommended to prevent potential exploitation and mitigate these risks.

The identified vulnerability types and potential impacts are listed below:

Item 1: CWE-656: Reliance on Security Through Obscurity (CVE-2024-9138)
Impact: Exploitation of hard-coded credentials could allow an authenticated user to gain root-level access, leading to system compromise, unauthorized modifications, data exposure, or service disruption.

Item 2: CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CVE-2024-9140)
Impact: The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

Vulnerability Scoring Details

CVE-2024-9138
  CVSS 3.1 base score: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
  CVSS 4.0 base score: 8.6 (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
  Unauthenticated remote exploits: No

CVE-2024-9140
  CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  CVSS 4.0 base score: 9.3 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
  Unauthenticated remote exploits: Yes

Note: This advisory uses CVSS 3.1 as the standard for determining severity levels. CVSS 4.0 is provided as a reference metric for comparison.

AFFECTED PRODUCTS AND SOLUTIONS

The Products Affected by CVE-2024-9138:

The affected products and firmware versions are listed below.

Product Series Affected Versions
EDR-810 Series Firmware version 5.12.37 and earlier
EDR-8010 Series Firmware version 3.13.1 and earlier
EDR-G902 Series Firmware version 5.7.25 and earlier
EDR-G903 Series Firmware version 5.7.25 and earlier
EDR-G9004 Series Firmware version 3.13.1 and earlier
EDR-G9010 Series Firmware version 3.13.1 and earlier
EDF-G1002-BP Series Firmware version 3.13.1 and earlier
NAT-102 Series Firmware version 1.0.5 and earlier
OnCell G4302-LTE4 Series Firmware version 3.13 and earlier
TN-4900 Series Firmware version 3.13 and earlier

 

The Products Affected by CVE-2024-9140:

The affected products and firmware versions are listed below.

Product Series Affected Versions
EDR-8010 Series Firmware version 3.13.1 and earlier
EDR-G9004 Series Firmware version 3.13.1 and earlier
EDR-G9010 Series Firmware version 3.13.1 and earlier
EDF-G1002-BP Series Firmware version 3.13.1 and earlier
NAT-102 Series Firmware version 1.0.5 and earlier
OnCell G4302-LTE4 Series Firmware version 3.13 and earlier
TN-4900 Series Firmware version 3.13 and earlier

 

Solutions:

Moxa has developed appropriate solutions to address these vulnerabilities. The solutions for the affected products are listed below.

Product Series Solutions
EDR-810 Series Upgrade to the firmware version 3.14 or later
EDR-8010 Series Upgrade to the firmware version 3.14 or later
EDR-G902 Series Upgrade to the firmware version 3.14 or later
EDR-G903 Series Upgrade to the firmware version 3.14 or later
EDR-G9004 Series Upgrade to the firmware version 3.14 or later
EDR-G9010 Series Upgrade to the firmware version 3.14 or later
EDF-G1002-BP Series Upgrade to the firmware version 3.14 or later
NAT-102 Series Upgrade to the firmware version 3.15 or later
OnCell G4302-LTE4 Series Please contact Moxa Technical Support for the security patch
TN-4900 Series Upgrade to the firmware version 3.14 or later
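As an added example (not Moxa's code or tooling), the following Python script checks a device inventory against the affected-version tables above. The product series names and version ceilings are copied from this advisory; the inventory is constructed sample data, and reading "X.Y and earlier" as "X.Y.0 and earlier" is an assumption.

```python
"""Flag Moxa devices affected by CVE-2024-9138 / CVE-2024-9140 from an inventory.
Added example, not Moxa's code. Ceilings below are copied from this advisory.
Assumption: a ceiling written as "3.13" is read as 3.13.0 (zero-padded)."""

from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Highest affected firmware version per product series, per CVE (from the advisory tables).
AFFECTED: Dict[str, Dict[str, str]] = {
    "CVE-2024-9138": {
        "EDR-810": "5.12.37", "EDR-8010": "3.13.1", "EDR-G902": "5.7.25",
        "EDR-G903": "5.7.25", "EDR-G9004": "3.13.1", "EDR-G9010": "3.13.1",
        "EDF-G1002-BP": "3.13.1", "NAT-102": "1.0.5",
        "OnCell G4302-LTE4": "3.13", "TN-4900": "3.13",
    },
    "CVE-2024-9140": {
        "EDR-8010": "3.13.1", "EDR-G9004": "3.13.1", "EDR-G9010": "3.13.1",
        "EDF-G1002-BP": "3.13.1", "NAT-102": "1.0.5",
        "OnCell G4302-LTE4": "3.13", "TN-4900": "3.13",
    },
}

def parse_version(text: str) -> Version:
    """Turn '5.12.37' into (5, 12, 37); non-numeric input raises ValueError."""
    return tuple(int(part) for part in text.strip().split("."))

def version_le(a: Version, b: Version) -> bool:
    """True if a <= b after zero-padding both to equal length (assumed convention)."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))

def affected_cves(series: str, firmware: str) -> List[str]:
    """Return the CVE IDs from this advisory that apply to one device; [] = not affected."""
    running = parse_version(firmware)
    return [cve for cve, ceilings in AFFECTED.items()
            if series in ceilings and version_le(running, parse_version(ceilings[series]))]

# Constructed sample inventory (hypothetical device names, not real assets).
SAMPLE_INVENTORY = [
    {"name": "plant-fw-01", "series": "EDR-G9010", "firmware": "3.13.1"},
    {"name": "plant-fw-02", "series": "EDR-G9010", "firmware": "3.14"},
    {"name": "site-rtr-01", "series": "EDR-810", "firmware": "5.12.30"},
    {"name": "lab-sw-01", "series": "TN-5900", "firmware": "3.0"},
]

if __name__ == "__main__":
    for d in SAMPLE_INVENTORY:
        cves = affected_cves(d["series"], d["firmware"])
        print(f"{d['name']} ({d['series']} {d['firmware']}): {', '.join(cves) or 'not affected'}")
```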

 

Mitigations:

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
  • Implement an intrusion detection system (IDS) or intrusion prevention system (IPS) to detect and prevent exploitation attempts. These systems provide an additional layer of defense by monitoring network traffic for signs of attacks.

 

Products That Are Not Vulnerable

Only the products listed in the Affected Products section of this advisory are known to be affected by these vulnerabilities. Moxa has confirmed that these vulnerabilities do not affect the following products:

  • MRC-1002 Series
  • TN-5900 Series
  • OnCell 3120-LTE-1 Series

 

Acknowledgment

We would like to express our appreciation to Lars Haulin for reporting the vulnerability, collaborating with us to enhance the security of our products, and helping us deliver better service to our customers.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First release January 3, 2025
1.1 Updated the solution for the TN-4900 Series January 8, 2025
1.2 Corrected the product name January 10, 2025
1.3 Updated the solution for the NAT-102 Series January 15, 2025
