FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-9137

Missing Authentication for Critical Function (CWE-306)

Published: Oct 14, 2024 / Updated: 36d ago

010
CVSS 8.8EPSS 0.04%High
CVE info copied to clipboard

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9137

Oct 14, 2024 at 9:15 AM
First Article

Feedly found the first article mentioning CVE-2024-9137. See article

Oct 14, 2024 at 9:24 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 14, 2024 at 9:24 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 15, 2024 at 10:16 AM
Static CVE Timeline Graph

Affected Systems

Moxa/tn-4900
+null more

Attack Patterns

CAPEC-12: Choosing Message Identifier
+null more

News

Moxa Product Security Update Advisory (CVE-2024-9137, CVE-2024-9139)
ASEC / 35d
If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version. The following product-specific Vulnerability Patches are available in the latest update.
CVE Alert: CVE-2024-9137
RedPacket Security / 35d
Affected Endpoints: No affected endpoints listed.
CVE-2024-9137 (CVSS 9.4) in Moxa’s Cellular Routers and Security Appliances: Immediate Patching Required [ics] [net] [sys]
Talkback News / 35d
Moxa's cellular routers, secure routers, and network security appliances are vulnerable to unauthorized access and arbitrary code execution due to CVE-2024-9137 and CVE-2024-9139, with firmware updates and mitigation strategies advised.
Unauthorized Access to Configuration Files and System Compromise via Lack of Authentication Check
36d
Moxa - CRITICAL - CVE-2024-9137 The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
CVE-2024-9137 (CVSS 9.4) in Moxa’s Cellular Routers and Security Appliances: Immediate Patching Required
Cybersecurity News / 36d
It “ potentially allows attackers to execute arbitrary code ” by exploiting the improperly restricted commands. The following Moxa products and firmware versions are affected by these vulnerabilities:
See 12 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:Low
Integrity:High
Availability Impact:High

Categories

CVSS 9.4(27010)CWE-306(1267)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial