Description

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

INFO

Published Date :

2024-10-14T08:09:22.689Z

Last Modified :

2025-09-19T08:08:52.357Z

Source :

Moxa
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9137 vulnerability.

Vendors Products
Moxa
  • Edf-g1002-bp
  • Edr-8010
  • Edr-g9004
  • Edr-g9010
  • Nat-102
  • Oncell G4302-lte4
  • Tn-4900
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9137.

URL Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances cve-icon cve-icon
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switches cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact