CVE-2024-9137

CRITICAL

Moxa EDR-8010 Series < 3.12.1 - Unauthenticated Missing Authentication for Critical Function

Title source: llm

Description

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

Scores

CVSS v3 9.4
EPSS 0.0015
EPSS Percentile 34.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-306
Status published
Products (50)
Moxa/EDF-G1002-BP Series 1.0 - 3.12.1
Moxa/EDR-8010 Series 1.0 - 3.12.1
Moxa/EDR-G9004 Series 1.0 - 3.12.1
Moxa/EDR-G9010 Series 1.0 - 3.12.1
Moxa/EDS-405A Series 1.0 - 3.14
Moxa/EDS-405A Series 3.14.4
Moxa/EDS-408A Series 1.0 - 3.12
Moxa/EDS-408A Series 3.14.6
Moxa/EDS-505A Series 1.0 - 3.11
Moxa/EDS-508A Series 1.0 - 3.11
... and 40 more
Published Oct 14, 2024
Tracked Since Feb 18, 2026