Moxa router flaws pose serious risks to industrial environmets
January 07, 2025 
Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution.
Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances.
Below are the descriptions for both vulnerabilities:
- CVE-2024-9138 (CVSS 4.0 score: 8.6): This vulnerability involves hard-coded credentials, an authenticated user can trigger the vulnerability to escalate privileges and gain root-level access to the system.
- CVE-2024-9140: (CVSS 4.0 score: 9.3)An attacker can exploit this vulnerability to bypass input restrictions, potentially leading to unauthorized command execution.
Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected devices include various EDR, NAT, and OnCell series on firmware 3.13.1 and earlier. Immediate action is recommended to prevent exploitation.
The products and firmware versions affected by CVE-2024-9138 are listed below:
| Product Series | Affected Versions |
|---|---|
| EDR-810 Series | Firmware version 5.12.37 and earlier |
| EDR-8010 Series | Firmware version 3.13.1 and earlier |
| EDR-G902 Series | Firmware version 5.7.25 and earlier |
| EDR-G902 Series | Firmware version 5.7.25 and earlier |
| EDR-G9004 Series | Firmware version 3.13.1 and earlier |
| EDR-G9010 Series | Firmware version 3.13.1 and earlier |
| EDF-G1002-BP Series | Firmware version 3.13.1 and earlier |
| NAT-102 Series | Firmware version 1.0.5 and earlier |
| OnCell G4302-LTE4 Series | Firmware version 3.13 and earlier |
| TN-4900 Series | Firmware version 3.13 and earlier |
The products and firmware versions affected by CVE-2024-9140 are listed below:
| Product Series | Affected Versions |
|---|---|
| EDR-8010 Series | Firmware version 3.13.1 and earlier |
| EDR-G9004 Series | Firmware version 3.13.1 and earlier |
| EDR-G9010 Series | Firmware version 3.13.1 and earlier |
| EDF-G1002-BP Series | Firmware version 3.13.1 and earlier |
| NAT-102 Series | Firmware version 1.0.5 and earlier |
| OnCell G4302-LTE4 Series | Firmware version 3.13 and earlier |
| TN-4900 Series | Firmware version 3.13 and earlier |
The vendor released the following versions to address the issues:
The company recommends that customers protect the devices by minimizing network exposure, limiting SSH access to trusted IPs, and using IDS/IPS to detect and prevent exploitation attempts.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)