{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9139", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2024-09-24T07:11:43.318Z", "datePublished": "2024-10-14T08:20:52.200Z", "dateUpdated": "2024-11-06T20:47:06.342Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EDR-8010 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDR-G9004 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDR-G9010 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDF-G1002-BP Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "NAT-102 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "1.0.5", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "OnCell G4302-LTE4 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.9", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "TN-4900 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.6", "status": "affected", "version": "1.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EDR-810 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "5.12.33", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lars Haulin"}], "datePublic": "2024-10-14T08:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.</p>"}], "value": "The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-25T06:39:57.957Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.</p><ol><li><span style=\"background-color: var(--wht);\">EDR-8010 Series: Upgrade to the firmware version 3.13 or later version.</span></li><li>EDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.</li><li>EDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.</li><li>EDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.</li><li>NAT-102 Series: Please contact Moxa Technical Support for the security patch.</li><li>OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.</li><li>TN-4900 Series: Upgrade to the firmware version 3.13 or later version.</li><li>EDR-810 Series: Upgrade to the firmware version 5.12.37 or later version.</li></ol><br>"}], "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.\n * TN-4900 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-810 Series: Upgrade to the firmware version 5.12.37 or later version."}], "source": {"discovery": "EXTERNAL"}, "title": "OS Command Injection in Restricted Command", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><ul><li>Minimize network exposure to ensure the device is not accessible from the Internet.</li><li>Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.</li><li>Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</li></ul><p></p>\n\n\n<br>"}], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "moxa", "product": "edr-8010_firmware", "cpes": ["cpe:2.3:o:moxa:edr-8010_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.12.1", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edr-g9004_firmware", "cpes": ["cpe:2.3:o:moxa:edr-g9004_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.12.1", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edr-g9010_firmware", "cpes": ["cpe:2.3:o:moxa:edr-g9010_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.12.1", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edf-g1002-bp_firmware", "cpes": ["cpe:2.3:o:moxa:edf-g1002-bp_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.12.1", "versionType": "custom"}]}, {"vendor": "moxa", "product": "nat-102_firmware", "cpes": ["cpe:2.3:o:moxa:nat-102_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "1.0.5", "versionType": "custom"}]}, {"vendor": "moxa", "product": "oncell_g4302-lte4_firmware", "cpes": ["cpe:2.3:o:moxa:oncell_g4302-lte4_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.9", "versionType": "custom"}]}, {"vendor": "moxa", "product": "tn-4900_firmware", "cpes": ["cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "3.6", "versionType": "custom"}]}, {"vendor": "moxa", "product": "edr-810_firmware", "cpes": ["cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected", "lessThanOrEqual": "5.12.33", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-14T15:23:34.875609Z", "id": "CVE-2024-9139", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T20:47:06.342Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9139", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-14T15:23:34.875609Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:moxa:edr-8010_firmware:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-8010_firmware", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:moxa:edr-g9004_firmware:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-g9004_firmware", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:moxa:edr-g9010_firmware:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-g9010_firmware", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:moxa:edf-g1002-bp_firmware:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edf-g1002-bp_firmware", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:moxa:nat-102_firmware:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "nat-102_firmware", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.0.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:moxa:oncell_g4302-lte4_firmware:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "oncell_g4302-lte4_firmware", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "tn-4900_firmware", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*"], "vendor": "moxa", "product": "edr-810_firmware", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "5.12.33"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:30:07.315Z"}}], "cna": {"title": "OS Command Injection in Restricted Command", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Lars Haulin"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moxa", "product": "EDR-8010 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-G9004 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-G9010 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDF-G1002-BP Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.12.1"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "NAT-102 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "1.0.5"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "OnCell G4302-LTE4 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.9"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "TN-4900 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.6"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-810 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "5.12.33"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.\n * TN-4900 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-810 Series: Upgrade to the firmware version 5.12.37 or later version.", "supportingMedia": [{"type": "text/html", "value": "<p>Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.</p><ol><li><span style=\"background-color: var(--wht);\">EDR-8010 Series: Upgrade to the firmware version 3.13 or later version.</span></li><li>EDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.</li><li>EDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.</li><li>EDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.</li><li>NAT-102 Series: Please contact Moxa Technical Support for the security patch.</li><li>OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.</li><li>TN-4900 Series: Upgrade to the firmware version 3.13 or later version.</li><li>EDR-810 Series: Upgrade to the firmware version 5.12.37 or later version.</li></ol><br>", "base64": false}]}], "datePublic": "2024-10-14T08:20:00.000Z", "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.", "supportingMedia": [{"type": "text/html", "value": "<p></p><ul><li>Minimize network exposure to ensure the device is not accessible from the Internet.</li><li>Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.</li><li>Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.</li></ul><p></p>\n\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.", "supportingMedia": [{"type": "text/html", "value": "<p>The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2024-10-25T06:39:57.957Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9139", "state": "PUBLISHED", "dateUpdated": "2024-11-06T20:47:06.342Z", "dateReserved": "2024-09-24T07:11:43.318Z", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "datePublished": "2024-10-14T08:20:52.200Z", "assignerShortName": "Moxa"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code."}, {"lang": "es", "value": "El producto afectado permite la inyecci\u00f3n de comandos del sistema operativo a trav\u00e9s de comandos restringidos incorrectamente, lo que potencialmente permite a los atacantes ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2024-9139", "lastModified": "2024-10-15T12:57:46.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "psirt@moxa.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2024-10-14T09:15:04.693", "references": [{"source": "psirt@moxa.com", "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "psirt@moxa.com", "type": "Secondary"}]}

{}