Moxa has identified critical vulnerabilities in its range of cellular and secure routers, which may allow unauthorized privilege escalation and command execution, requiring immediate patching.
Security researcher Lars Haulin reported vulnerabilities CVE-2024-9138 and CVE-2024-9140, affecting a selection of Moxa's products, with CVSS scores indicating significant risk.
CVE-2024-9138 presents a hard-coded credentials weakness, allowing authenticated users root access, while CVE-2024-9140 enables attackers to exploit input restrictions for command execution.
Affected products span several series, mostly requiring firmware upgrades; Moxa encourages users to address these vulnerabilities promptly to ensure data security and service integrity.
Collection
[
|
...
]