CVSS: 8.7EPSS: 0%CPEs: 49EXPL: 0CVE-2024-7695 – Out-of-bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-7695
29 Jan 2025 — Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches • CWE-787: Out-of-bounds Write •
CVSS: 9.7EPSS: 0%CPEs: 60EXPL: 0CVE-2024-9137 – Moxa Service Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2024-9137
14 Oct 2024 — The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. El producto afectado carece de una comprobación de autenticación al enviar comandos al servidor a través del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos específicos, lo que puede provocar descargas o ... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-306: Missing Authentication for Critical Function •