Summary: Moxa has identified two critical security vulnerabilities in its cellular routers and network security appliances that could lead to privilege escalation and unauthorized command execution. Users are urged to apply patches and implement security measures to mitigate potential risks.
Threat Actor: Unknown | unknown
Victim: Moxa | Moxa
Key Point :
- CVE-2024-9138 (CVSS 4.0 score: 8.6) allows authenticated users to escalate privileges and gain root access.
- CVE-2024-9140 (CVSS 4.0 score: 9.3) enables attackers to bypass input restrictions, leading to unauthorized command execution.
- Affected products include various series of EDR and OnCell routers with specific firmware versions.
- Patches are available for several models, while some require contacting Moxa Technical Support for assistance.
- Mitigation strategies include limiting internet exposure and restricting SSH access to trusted IPs.
Source: https://thehackernews.com/2025/01/moxa-alerts-users-to-high-severity.html