CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2025-0676 – Commend Injection Leading to Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-0676
02 Apr 2025 — This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0676-command-injection-leading-to-privilege-escalation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.4EPSS: 0%CPEs: 8EXPL: 0CVE-2025-0415 – Command Injection in NTP Setting
https://notcve.org/view.php?id=CVE-2025-0415
02 Apr 2025 — A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0415-command-injection-leading-to-denial-of-service-(dos) • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.6EPSS: 0%CPEs: 10EXPL: 0CVE-2024-9138 – Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances
https://notcve.org/view.php?id=CVE-2024-9138
03 Jan 2025 — Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo • CWE-656: Reliance on Security Through Obscurity •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-9139 – OS Command Injection in Restricted Command
https://notcve.org/view.php?id=CVE-2024-9139
14 Oct 2024 — The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. El producto afectado permite la inyección de comandos del sistema operativo a través de comandos restringidos incorrectamente, lo que potencialmente permite a los atacantes ejecutar código arbitrario. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •