CVE-2024-9140

CRITICAL

Moxa TN-4900 Series < 3.13 - OS Command Injection

Title source: llm

Description

Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality.

References (1)

Core 1

Core References

Various Sources vendor-advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo

Scores

CVSS v3 9.8

EPSS 0.0053

EPSS Percentile 67.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (7)

Moxa/EDF-G1002-BP Series 1.0 - 3.13.1

Moxa/EDR-8010 Series 1.0 - 3.13.1

Moxa/EDR-G9004 Series 1.0 - 3.13.1

Moxa/EDR-G9010 Series 1.0 - 3.13.1

Moxa/NAT-102 Series 1.0 - 1.0.5

Moxa/OnCell G4302-LTE4 Series 1.0 - 3.13

Moxa/TN-4900 Series 1.0 - 3.13

Published Jan 03, 2025

Tracked Since Feb 18, 2026