CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-9139 – OS Command Injection in Restricted Command
https://notcve.org/view.php?id=CVE-2024-9139
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. El producto afectado permite la inyección de comandos del sistema operativo a través de comandos restringidos incorrectamente, lo que potencialmente permite a los atacantes ejecutar código arbitrario. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-9137 – Moxa Service Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2024-9137
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. El producto afectado carece de una comprobación de autenticación al enviar comandos al servidor a través del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos específicos, lo que puede provocar descargas o cargas no autorizadas de archivos de configuración y comprometer el sistema. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-306: Missing Authentication for Critical Function •