The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
Metrics
Affected Vendors & Products
References
History
Tue, 15 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Moxa
Moxa edf-g1002-bp Moxa edr-8010 Moxa edr-g9004 Moxa edr-g9010 Moxa nat-102 Moxa oncell G4302-lte4 Moxa tn-4900 |
|
CPEs | cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:* cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:* cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:* cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:* cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:* cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:* cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Moxa
Moxa edf-g1002-bp Moxa edr-8010 Moxa edr-g9004 Moxa edr-g9010 Moxa nat-102 Moxa oncell G4302-lte4 Moxa tn-4900 |
|
Metrics |
ssvc
|
Mon, 14 Oct 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. | |
Title | Moxa Service Missing Authentication for Critical Function | |
Weaknesses | CWE-306 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Moxa
Published: 2024-10-14T08:09:22.689Z
Updated: 2024-10-15T14:32:26.853Z
Reserved: 2024-09-24T07:11:35.456Z
Link: CVE-2024-9137
Vulnrichment
Updated: 2024-10-15T14:32:04.043Z
NVD
Status : Awaiting Analysis
Published: 2024-10-14T09:15:04.403
Modified: 2024-10-15T12:57:46.880
Link: CVE-2024-9137
Redhat
No data.