Taiwan-based Moxa has warned of two security vulnerabilities affecting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution.
The list of vulnerabilities is as follows –
- CVE-2024-9138 (CVSS 4.0 score: 8.6) – A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain root-level access to the system, leading to system compromise, unauthorized modifications, data exposure, or service disruption
- CVE-2024-9140 (CVSS 4.0 score: 9.3) – A vulnerability that allows attackers to use special characters to bypass input restrictions, potentially leading to unauthorized command execution
The shortcomings, reported by security researcher Lars Haulin, affect the products and firmware versions listed below –
- CVE-2024-9138 – EDR-810 Series (Firmware version 5.12.37 and earlier), EDR-8010 Series (Firmware version 3.13.1 and earlier), EDR-G902 Series (Firmware version 5.7.25 and earlier), EDR-G9004 Series (Firmware version 3.13.1 and earlier), EDR-G9010 Series (Firmware version 3.13.1 and earlier), EDF-G1002-BP Series (Firmware version 3.13.1 and earlier), NAT-102 Series (Firmware version 1.0.5 and earlier), OnCell G4302-LTE4 Series (Firmware version 3.13 and earlier), and TN-4900 Series (Firmware version 3.13 and earlier)
- CVE-2024-9140 – EDR-8010 Series (Firmware version 3.13.1 and earlier), EDR-G9004 Series (Firmware version 3.13.1 and earlier), EDR-G9010 Series (Firmware version 3.13.1 and earlier), EDF-G1002-BP Series (Firmware version 3.13.1 and earlier), NAT-102 Series (Firmware version 1.0.5 and earlier), OnCell G4302-LTE4 Series (Firmware version 3.13 and earlier), and TN-4900 Series (Firmware version 3.13 and earlier)
Patches have been made available for the following versions –
- EDR-810 Series (Upgrade to firmware version 3.14 or later)
- EDR-8010 Series (Upgrade to firmware version 3.14 or later)
- EDR-G902 Series (Upgrade to firmware version 3.14 or later)
- EDR-G903 Series (Upgrade to firmware version 3.14 or later)
- EDR-G9004 Series (Upgrade to firmware version 3.14 or later)
- EDR-G9010 Series (Upgrade to firmware version 3.14 or later)
- EDF-G1002-BP Series (Upgrade to firmware version 3.14 or later)
- NAT-102 Series (No official patch available)
- OnCell G4302-LTE4 Series (Please contact Moxa Technical Support)
- TN-4900 Series (Please contact Moxa Technical Support)
As mitigations, it is recommended to ensure that devices are not exposed to the internet, to restrict SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers, and to implement measures to detect and prevent exploitation attempts.
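As an added illustration of the SSH-restriction and detection advice above (example code written for this page, not Moxa's own tooling), the following Python renders TCP wrappers allow/deny entries for sshd from a list of trusted networks and scans sshd log lines for authentication events arriving from outside those networks. The trusted networks, hostnames and log lines are constructed sample values.

```python
import ipaddress
import re

# Assumed trusted management networks (constructed values for this example).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "192.168.50.0/24")]

# Constructed sshd log lines in the usual OpenSSH auth.log format.
SAMPLE_LOG = """\
Jan  8 10:01:12 edr-router sshd[1201]: Accepted password for admin from 10.10.0.5 port 51234 ssh2
Jan  8 10:02:40 edr-router sshd[1210]: Failed password for root from 203.0.113.77 port 40022 ssh2
Jan  8 10:02:44 edr-router sshd[1210]: Failed password for root from 203.0.113.77 port 40022 ssh2
Jan  8 10:03:01 edr-router sshd[1215]: Accepted password for admin from 198.51.100.9 port 50001 ssh2
"""

# Matches both successful and failed sshd authentication events.
LOG_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+|[0-9a-fA-F:]+) port"
)


def is_trusted(ip, trusted=None):
    """True if the address lies inside one of the trusted networks."""
    nets = TRUSTED_NETWORKS if trusted is None else trusted
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def find_untrusted_ssh(log_text, trusted=None):
    """Return (result, user, ip) for every sshd auth event from outside the trusted networks."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and not is_trusted(m["ip"], trusted):
            findings.append((m["result"], m["user"], m["ip"]))
    return findings


def tcp_wrappers_config(trusted=None):
    """Render /etc/hosts.allow and /etc/hosts.deny lines that limit sshd to the trusted networks.

    The classic address/netmask notation is used because every tcp_wrappers build accepts it.
    """
    nets = TRUSTED_NETWORKS if trusted is None else trusted
    allow = "sshd: " + ", ".join(f"{n.network_address}/{n.netmask}" for n in nets)
    deny = "sshd: ALL"
    return allow, deny


if __name__ == "__main__":
    for result, user, ip in find_untrusted_ssh(SAMPLE_LOG):
        print(f"untrusted source {ip}: {result} login for {user}")
```

A successful login from an address outside the allow list is the event to alert on; failed attempts from the same source show the restriction is doing its job.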