CVE-2024-9137

Moxa Service Missing Authentication for Critical Function

Severity Score

8.8

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

El producto afectado carece de una comprobación de autenticación al enviar comandos al servidor a través del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos específicos, lo que puede provocar descargas o cargas no autorizadas de archivos de configuración y comprometer el sistema.

*Credits: Lars Haulin

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

Low

None

Integrity

High

None

Availability

High

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-24 CVE Reserved
2024-10-14 CVE Published
2024-10-15 EPSS Updated
2025-01-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-306: Missing Authentication for Critical Function

CAPEC

CAPEC-216: Communication Channel Manipulation

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances	2024-10-14
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches	2025-01-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Moxa Search vendor "Moxa"		EDR-8010 Series Search vendor "Moxa" for product "EDR-8010 Series"				>= 1.0.0 <= 3.12.1 Search vendor "Moxa" for product "EDR-8010 Series" and version " >= 1.0.0 <= 3.12.1"		en		Affected
Moxa Search vendor "Moxa"		EDR-G9004 Series Search vendor "Moxa" for product "EDR-G9004 Series"				>= 1.0.0 <= 3.12.1 Search vendor "Moxa" for product "EDR-G9004 Series" and version " >= 1.0.0 <= 3.12.1"		en		Affected
Moxa Search vendor "Moxa"		EDR-G9010 Series Search vendor "Moxa" for product "EDR-G9010 Series"				>= 1.0.0 <= 3.12.1 Search vendor "Moxa" for product "EDR-G9010 Series" and version " >= 1.0.0 <= 3.12.1"		en		Affected
Moxa Search vendor "Moxa"		EDF-G1002-BP Series Search vendor "Moxa" for product "EDF-G1002-BP Series"				>= 1.0.0 <= 3.12.1 Search vendor "Moxa" for product "EDF-G1002-BP Series" and version " >= 1.0.0 <= 3.12.1"		en		Affected
Moxa Search vendor "Moxa"		NAT-102 Series Search vendor "Moxa" for product "NAT-102 Series"				>= 1.0.0 <= 1.0.5 Search vendor "Moxa" for product "NAT-102 Series" and version " >= 1.0.0 <= 1.0.5"		en		Affected
Moxa Search vendor "Moxa"		OnCell G4302-LTE4 Series Search vendor "Moxa" for product "OnCell G4302-LTE4 Series"				>= 1.0 <= 3.9 Search vendor "Moxa" for product "OnCell G4302-LTE4 Series" and version " >= 1.0 <= 3.9"		en		Affected
Moxa Search vendor "Moxa"		TN-4900 Series Search vendor "Moxa" for product "TN-4900 Series"				>= 1.0 <= 3.6 Search vendor "Moxa" for product "TN-4900 Series" and version " >= 1.0 <= 3.6"		en		Affected
Moxa Search vendor "Moxa"		EDS-608 Series Search vendor "Moxa" for product "EDS-608 Series"				>= 1.0 <= 3.12 Search vendor "Moxa" for product "EDS-608 Series" and version " >= 1.0 <= 3.12"		en		Affected
Moxa Search vendor "Moxa"		EDS-611 Series Search vendor "Moxa" for product "EDS-611 Series"				>= 1.0 <= 3.12 Search vendor "Moxa" for product "EDS-611 Series" and version " >= 1.0 <= 3.12"		en		Affected
Moxa Search vendor "Moxa"		EDS-616 Series Search vendor "Moxa" for product "EDS-616 Series"				>= 1.0 <= 3.12 Search vendor "Moxa" for product "EDS-616 Series" and version " >= 1.0 <= 3.12"		en		Affected
Moxa Search vendor "Moxa"		EDS-619 Series Search vendor "Moxa" for product "EDS-619 Series"				>= 1.0 <= 3.12 Search vendor "Moxa" for product "EDS-619 Series" and version " >= 1.0 <= 3.12"		en		Affected
Moxa Search vendor "Moxa"		EDS-405A Series Search vendor "Moxa" for product "EDS-405A Series"				>= 1.0 <= 3.14 Search vendor "Moxa" for product "EDS-405A Series" and version " >= 1.0 <= 3.14"		en		Affected
Moxa Search vendor "Moxa"		EDS-408A Series Search vendor "Moxa" for product "EDS-408A Series"				>= 1.0 <= 3.12 Search vendor "Moxa" for product "EDS-408A Series" and version " >= 1.0 <= 3.12"		en		Affected
Moxa Search vendor "Moxa"		EDS-505A Series Search vendor "Moxa" for product "EDS-505A Series"				>= 1.0 <= 3.11 Search vendor "Moxa" for product "EDS-505A Series" and version " >= 1.0 <= 3.11"		en		Affected
Moxa Search vendor "Moxa"		EDS-508A Series Search vendor "Moxa" for product "EDS-508A Series"				>= 1.0 <= 3.11 Search vendor "Moxa" for product "EDS-508A Series" and version " >= 1.0 <= 3.11"		en		Affected
Moxa Search vendor "Moxa"		EDS-510A Series Search vendor "Moxa" for product "EDS-510A Series"				>= 1.0 <= 3.12 Search vendor "Moxa" for product "EDS-510A Series" and version " >= 1.0 <= 3.12"		en		Affected
Moxa Search vendor "Moxa"		EDS-516A Series Search vendor "Moxa" for product "EDS-516A Series"				>= 1.0 <= 3.11 Search vendor "Moxa" for product "EDS-516A Series" and version " >= 1.0 <= 3.11"		en		Affected
Moxa Search vendor "Moxa"		EDS-518A Series Search vendor "Moxa" for product "EDS-518A Series"				>= 1.0 <= 3.11 Search vendor "Moxa" for product "EDS-518A Series" and version " >= 1.0 <= 3.11"		en		Affected
Moxa Search vendor "Moxa"		EDS-G509 Series Search vendor "Moxa" for product "EDS-G509 Series"				>= 1.0 <= 3.10 Search vendor "Moxa" for product "EDS-G509 Series" and version " >= 1.0 <= 3.10"		en		Affected
Moxa Search vendor "Moxa"		EDS-P510 Series Search vendor "Moxa" for product "EDS-P510 Series"				>= 1.0 <= 3.11 Search vendor "Moxa" for product "EDS-P510 Series" and version " >= 1.0 <= 3.11"		en		Affected
Moxa Search vendor "Moxa"		EDS-P510A Series Search vendor "Moxa" for product "EDS-P510A Series"				>= 1.0 <= 3.11 Search vendor "Moxa" for product "EDS-P510A Series" and version " >= 1.0 <= 3.11"		en		Affected
Moxa Search vendor "Moxa"		EDS-510E Series Search vendor "Moxa" for product "EDS-510E Series"				>= 1.0 <= 5.5 Search vendor "Moxa" for product "EDS-510E Series" and version " >= 1.0 <= 5.5"		en		Affected
Moxa Search vendor "Moxa"		EDS-518E Series Search vendor "Moxa" for product "EDS-518E Series"				>= 1.0 <= 6.3 Search vendor "Moxa" for product "EDS-518E Series" and version " >= 1.0 <= 6.3"		en		Affected
Moxa Search vendor "Moxa"		EDS-528E Series Search vendor "Moxa" for product "EDS-528E Series"				>= 1.0 <= 6.3 Search vendor "Moxa" for product "EDS-528E Series" and version " >= 1.0 <= 6.3"		en		Affected
Moxa Search vendor "Moxa"		EDS-G508E Series Search vendor "Moxa" for product "EDS-G508E Series"				>= 1.0 <= 6.4 Search vendor "Moxa" for product "EDS-G508E Series" and version " >= 1.0 <= 6.4"		en		Affected
Moxa Search vendor "Moxa"		EDS-G512E Series Search vendor "Moxa" for product "EDS-G512E Series"				>= 1.0 <= 6.4 Search vendor "Moxa" for product "EDS-G512E Series" and version " >= 1.0 <= 6.4"		en		Affected
Moxa Search vendor "Moxa"		EDS-G516E Series Search vendor "Moxa" for product "EDS-G516E Series"				>= 1.0 <= 6.4 Search vendor "Moxa" for product "EDS-G516E Series" and version " >= 1.0 <= 6.4"		en		Affected
Moxa Search vendor "Moxa"		EDS-P506E Series Search vendor "Moxa" for product "EDS-P506E Series"				>= 1.0 <= 5.8 Search vendor "Moxa" for product "EDS-P506E Series" and version " >= 1.0 <= 5.8"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7526A Series Search vendor "Moxa" for product "ICS-G7526A Series"				>= 1.0 <= 5.10 Search vendor "Moxa" for product "ICS-G7526A Series" and version " >= 1.0 <= 5.10"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7528A Series Search vendor "Moxa" for product "ICS-G7528A Series"				>= 1.0 <= 5.10 Search vendor "Moxa" for product "ICS-G7528A Series" and version " >= 1.0 <= 5.10"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7748A Series Search vendor "Moxa" for product "ICS-G7748A Series"				>= 1.0 <= 5.9 Search vendor "Moxa" for product "ICS-G7748A Series" and version " >= 1.0 <= 5.9"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7750A Series Search vendor "Moxa" for product "ICS-G7750A Series"				>= 1.0 <= 5.9 Search vendor "Moxa" for product "ICS-G7750A Series" and version " >= 1.0 <= 5.9"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7752A Series Search vendor "Moxa" for product "ICS-G7752A Series"				>= 1.0 <= 5.9 Search vendor "Moxa" for product "ICS-G7752A Series" and version " >= 1.0 <= 5.9"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7826A Series Search vendor "Moxa" for product "ICS-G7826A Series"				>= 1.0 <= 5.10 Search vendor "Moxa" for product "ICS-G7826A Series" and version " >= 1.0 <= 5.10"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7828A Series Search vendor "Moxa" for product "ICS-G7828A Series"				>= 1.0 <= 5.10 Search vendor "Moxa" for product "ICS-G7828A Series" and version " >= 1.0 <= 5.10"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7848A Series Search vendor "Moxa" for product "ICS-G7848A Series"				>= 1.0 <= 5.9 Search vendor "Moxa" for product "ICS-G7848A Series" and version " >= 1.0 <= 5.9"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7850A Series Search vendor "Moxa" for product "ICS-G7850A Series"				>= 1.0 <= 5.9 Search vendor "Moxa" for product "ICS-G7850A Series" and version " >= 1.0 <= 5.9"		en		Affected
Moxa Search vendor "Moxa"		ICS-G7852A Series Search vendor "Moxa" for product "ICS-G7852A Series"				>= 1.0 <= 5.9 Search vendor "Moxa" for product "ICS-G7852A Series" and version " >= 1.0 <= 5.9"		en		Affected
Moxa Search vendor "Moxa"		IKS-G6524A Series Search vendor "Moxa" for product "IKS-G6524A Series"				>= 1.0 <= 5.10 Search vendor "Moxa" for product "IKS-G6524A Series" and version " >= 1.0 <= 5.10"		en		Affected
Moxa Search vendor "Moxa"		IKS-6726A Series Search vendor "Moxa" for product "IKS-6726A Series"				>= 1.0 <= 5.9 Search vendor "Moxa" for product "IKS-6726A Series" and version " >= 1.0 <= 5.9"		en		Affected
Moxa Search vendor "Moxa"		IKS-6728A Series Search vendor "Moxa" for product "IKS-6728A Series"				>= 1.0 <= 5.9 Search vendor "Moxa" for product "IKS-6728A Series" and version " >= 1.0 <= 5.9"		en		Affected
Moxa Search vendor "Moxa"		IKS-G6824A Series Search vendor "Moxa" for product "IKS-G6824A Series"				>= 1.0 <= 5.10 Search vendor "Moxa" for product "IKS-G6824A Series" and version " >= 1.0 <= 5.10"		en		Affected
Moxa Search vendor "Moxa"		SDS-3006 Series Search vendor "Moxa" for product "SDS-3006 Series"				>= 1.0 <= 3.0 Search vendor "Moxa" for product "SDS-3006 Series" and version " >= 1.0 <= 3.0"		en		Affected
Moxa Search vendor "Moxa"		SDS-3008 Series Search vendor "Moxa" for product "SDS-3008 Series"				>= 1.0 <= 3.0 Search vendor "Moxa" for product "SDS-3008 Series" and version " >= 1.0 <= 3.0"		en		Affected
Moxa Search vendor "Moxa"		SDS-3010 Series Search vendor "Moxa" for product "SDS-3010 Series"				>= 1.0 <= 3.0 Search vendor "Moxa" for product "SDS-3010 Series" and version " >= 1.0 <= 3.0"		en		Affected
Moxa Search vendor "Moxa"		SDS-3016 Series Search vendor "Moxa" for product "SDS-3016 Series"				>= 1.0 <= 3.0 Search vendor "Moxa" for product "SDS-3016 Series" and version " >= 1.0 <= 3.0"		en		Affected
Moxa Search vendor "Moxa"		SDS-G3006 Series Search vendor "Moxa" for product "SDS-G3006 Series"				>= 1.0 <= 3.0 Search vendor "Moxa" for product "SDS-G3006 Series" and version " >= 1.0 <= 3.0"		en		Affected
Moxa Search vendor "Moxa"		SDS-G3008 Series Search vendor "Moxa" for product "SDS-G3008 Series"				>= 1.0 <= 3.0 Search vendor "Moxa" for product "SDS-G3008 Series" and version " >= 1.0 <= 3.0"		en		Affected
Moxa Search vendor "Moxa"		SDS-G3010 Series Search vendor "Moxa" for product "SDS-G3010 Series"				>= 1.0 <= 3.0 Search vendor "Moxa" for product "SDS-G3010 Series" and version " >= 1.0 <= 3.0"		en		Affected
Moxa Search vendor "Moxa"		SDS-G3016 Series Search vendor "Moxa" for product "SDS-G3016 Series"				>= 1.0 <= 3.0 Search vendor "Moxa" for product "SDS-G3016 Series" and version " >= 1.0 <= 3.0"		en		Affected
Moxa Search vendor "Moxa"		PT-7728 Series Search vendor "Moxa" for product "PT-7728 Series"				>= 1.0 <= 3.9 Search vendor "Moxa" for product "PT-7728 Series" and version " >= 1.0 <= 3.9"		en		Affected
Moxa Search vendor "Moxa"		PT-7828 Series Search vendor "Moxa" for product "PT-7828 Series"				>= 1.0 <= 4.0 Search vendor "Moxa" for product "PT-7828 Series" and version " >= 1.0 <= 4.0"		en		Affected
Moxa Search vendor "Moxa"		PT-G503 Series Search vendor "Moxa" for product "PT-G503 Series"				>= 1.0 <= 5.3 Search vendor "Moxa" for product "PT-G503 Series" and version " >= 1.0 <= 5.3"		en		Affected
Moxa Search vendor "Moxa"		PT-G510 Series Search vendor "Moxa" for product "PT-G510 Series"				>= 1.0 <= 6.5 Search vendor "Moxa" for product "PT-G510 Series" and version " >= 1.0 <= 6.5"		en		Affected
Moxa Search vendor "Moxa"		PT-G7728 Series Search vendor "Moxa" for product "PT-G7728 Series"				>= 1.0 <= 6.4 Search vendor "Moxa" for product "PT-G7728 Series" and version " >= 1.0 <= 6.4"		en		Affected
Moxa Search vendor "Moxa"		PT-G7828 Series Search vendor "Moxa" for product "PT-G7828 Series"				>= 1.0 <= 6.4 Search vendor "Moxa" for product "PT-G7828 Series" and version " >= 1.0 <= 6.4"		en		Affected
Moxa Search vendor "Moxa"		TN-4500A Series Search vendor "Moxa" for product "TN-4500A Series"				>= 1.0 <= 3.13 Search vendor "Moxa" for product "TN-4500A Series" and version " >= 1.0 <= 3.13"		en		Affected
Moxa Search vendor "Moxa"		TN-5500A Series Search vendor "Moxa" for product "TN-5500A Series"				>= 1.0 <= 3.13 Search vendor "Moxa" for product "TN-5500A Series" and version " >= 1.0 <= 3.13"		en		Affected
Moxa Search vendor "Moxa"		TN-G4500 Series Search vendor "Moxa" for product "TN-G4500 Series"				>= 1.0 <= 5.5 Search vendor "Moxa" for product "TN-G4500 Series" and version " >= 1.0 <= 5.5"		en		Affected
Moxa Search vendor "Moxa"		TN-G6500 Series Search vendor "Moxa" for product "TN-G6500 Series"				>= 1.0 <= 5.5 Search vendor "Moxa" for product "TN-G6500 Series" and version " >= 1.0 <= 5.5"		en		Affected