
Moxa Alerts Customers to High-Severity Vulnerabilities in Cellular and Secure Routers


Jan 07, 2025 | Ravie Lakshmanan | Vulnerability / Network Security


Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution.

The list of vulnerabilities is as follows:

  • CVE-2024-9138 (CVSS 4.0 score: 8.6) – A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain root-level access to the system, leading to system compromise, unauthorized modifications, data exposure, or service disruption
  • CVE-2024-9140 (CVSS 4.0 score: 9.3) – A vulnerability that allows attackers to exploit special characters to bypass input restrictions, potentially leading to unauthorized command execution

The shortcomings, reported by security researcher Lars Haulin, affect the below products and firmware versions:

  • CVE-2024-9138 – EDR-810 Series (firmware version 5.12.37 and earlier), EDR-8010 Series (firmware version 3.13.1 and earlier), EDR-G902 Series (firmware version 5.7.25 and earlier), EDR-G902 Series (firmware version 5.7.25 and earlier), EDR-G9004 Series (firmware version 3.13.1 and earlier), EDR-G9010 Series (firmware version 3.13.1 and earlier), EDF-G1002-BP Series (firmware version 3.13.1 and earlier), NAT-102 Series (firmware version 1.0.5 and earlier), OnCell G4302-LTE4 Series (firmware version 3.13 and earlier), and TN-4900 Series (firmware version 3.13 and earlier)
  • CVE-2024-9140 – EDR-8010 Series (firmware version 3.13.1 and earlier), EDR-G9004 Series (firmware version 3.13.1 and earlier), EDR-G9010 Series (firmware version 3.13.1 and earlier), EDF-G1002-BP Series (firmware version 3.13.1 and earlier), NAT-102 Series (firmware version 1.0.5 and earlier), OnCell G4302-LTE4 Series (firmware version 3.13 and earlier), and TN-4900 Series (firmware version 3.13 and earlier)
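
An added example, not part of the original article or Moxa's advisory: a Python script that triages a device inventory against the affected firmware thresholds listed above. The inventory rows are constructed, and matching a model string to a series by name prefix is an assumption about how the inventory records models.

```python
import csv, io

ONLY_9138, BOTH = ("CVE-2024-9138",), ("CVE-2024-9138", "CVE-2024-9140")
# series -> (highest affected firmware version, CVEs), as listed in the article
AFFECTED = {
    "EDR-810": ("5.12.37", ONLY_9138),
    "EDR-8010": ("3.13.1", BOTH),
    "EDR-G902": ("5.7.25", ONLY_9138),
    "EDR-G9004": ("3.13.1", BOTH),
    "EDR-G9010": ("3.13.1", BOTH),
    "EDF-G1002-BP": ("3.13.1", BOTH),
    "NAT-102": ("1.0.5", BOTH),
    "OnCell G4302-LTE4": ("3.13", BOTH),
    "TN-4900": ("3.13", BOTH),
}

def parse_version(text):
    """'v3.13.0' -> (3, 13). Numeric tuples avoid the string trap '3.9' > '3.13'."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # so that 3.13.0 equals 3.13
        parts.pop()
    return tuple(parts)

def match_series(model):
    """Longest series name that prefixes the model string (assumed convention)."""
    hits = [s for s in AFFECTED if model.upper().startswith(s.upper())]
    return max(hits, key=len) if hits else None

def triage(inventory_csv):
    """Return [(host, series, firmware, cves)] for devices at or below a threshold."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        series = match_series(row["model"])
        if series and parse_version(row["firmware"]) <= parse_version(AFFECTED[series][0]):
            findings.append((row["host"], series, row["firmware"], AFFECTED[series][1]))
    return findings

# Constructed inventory: hostnames, model suffixes and versions are made up
SAMPLE = """host,model,firmware
rtr-plant-a,EDR-8010-2GSFP,v3.9
rtr-plant-b,EDR-G9010-VPN,3.14
nat-line-3,NAT-102,1.0.5
cell-yard-1,OnCell G4302-LTE4,3.13.0
fw-office,EDR-810-2GSFP,5.12.37
sw-core,OTHER-SWITCH,4.1
"""

if __name__ == "__main__":
    for host, series, fw, cves in triage(SAMPLE):
        print(f"{host}: {series} firmware {fw} -> {', '.join(cves)}")
```
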

Patches have been made available for the following versions:

  • EDR-810 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-8010 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-G902 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-G903 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-G9004 Series (Upgrade to the firmware version 3.14 or later)
  • EDR-G9010 Series (Upgrade to the firmware version 3.14 or later)
  • EDF-G1002-BP Series (Upgrade to the firmware version 3.14 or later)
  • NAT-102 Series (No official patch available)
  • OnCell G4302-LTE4 Series (Please contact Moxa Technical Support)
  • TN-4900 Series (Please contact Moxa Technical Support)

As mitigations, it is recommended to ensure that devices are not exposed to the internet, limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers, and implement measures to detect and prevent exploitation attempts.
