NotCVE - vendor:"Moxa" product:"EDR-8010 Series" version:" >= 1.0.0 <= 3.13.1"

4 results (0.002 seconds)

CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0

CVE-2024-9140

https://notcve.org/view.php?id=CVE-2024-9140

03 Jan 2025 — Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.6EPSS: 0%CPEs: 10EXPL: 0

CVE-2024-9138 – Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances

https://notcve.org/view.php?id=CVE-2024-9138

03 Jan 2025 — Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo • CWE-656: Reliance on Security Through Obscurity •

CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0

CVE-2024-9139 – OS Command Injection in Restricted Command

https://notcve.org/view.php?id=CVE-2024-9139

14 Oct 2024 — The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. El producto afectado permite la inyección de comandos del sistema operativo a través de comandos restringidos incorrectamente, lo que potencialmente permite a los atacantes ejecutar código arbitrario. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.7EPSS: 0%CPEs: 60EXPL: 0

CVE-2024-9137 – Moxa Service Missing Authentication for Critical Function

https://notcve.org/view.php?id=CVE-2024-9137

14 Oct 2024 — The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. El producto afectado carece de una comprobación de autenticación al enviar comandos al servidor a través del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos específicos, lo que puede provocar descargas o ... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-306: Missing Authentication for Critical Function •