Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances.
The two seurity issues allow remote attackers to get root privileges on vulnerable devices and to execute arbitrary commands, which could lead to arbitrary code execution.
Risks on Moxa routers
Moxa devices are used in environments with industrial automation and control systems from transportation, utilities and energy, and telecommunications sectors.
On Friday, the vendor issued an urgent warning for the following two vulnerabilities:
CVE-2024-9138 (8.6, high severity score): Hard-coded credentials that enable authenticated users to escalate privileges to root
CVE-2024-9140 (9.3, critical severity score): OS command injection flaw caused by exploiting improper input restrictions, leading to arbitrary code execution
The second flaw is particularly dangerous because it can be exploited by remote attackers.
Moxa has released firmware updates that address the vulnerabilities and notes that “immediate action is strongly recommended to prevent potential exploitation and mitigate these risks.”
The following devices are impacted by both CVE-2024-9140 and CVE-2024-9138:
- EDR-8010 Series on firmware 3.13.1 and earlier
- EDR-G9004 Series on firmware 3.13.1 and earlier
- EDR-G9010 Series on firmware 3.13.1 and earlier
- EDF-G1002-BP Series on firmware 3.13.1 and earlier
- NAT-102 Series on firmware 1.0.5 and earlier
- OnCell G4302-LTE4 Series on firmware 3.13 and earlier
- TN-4900 Series on firmware 3.13 and earlier
Additionally, EDR-810 Series on firmware 5.12.37 and older, EDR-G902 Series on firmware 5.7.25 and older, and TN-4900 Series on firmware 3.13 and older are vulnerable only to CVE-2024-9138.
Users of EDR-8010 Series, EDR-G9004 Series, EDR-G9010, and EDF-G1002-BP Series should upgrade to firmware version 3.14, released on December 31, 2024, to address the problem.
It is advisable to follow the download links for each device model provided on Moxa’s bulletin to obtain the official firmware images.
Admins of OnCell G4302-LTE4 Series and TN-4900 Series are advised to contact Moxa support to receive guidance on patching.
For the NAT-102 Series, there’s currently no patch available, and administrators are recommended to apply mitigations.
Moxa suggests limiting the device’s network exposure and SSH access and using firewalls, IDS, or an Intrusion Prevention System (IPS) to monitor and block exploitation attempts.
The advisory explicitly mentions that the MRC-1002 Series, TN-5900 Series, and OnCell 3120-LTE-1 Series devices are not vulnerable to either flaw.
