Overview
- Description
- The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
- Source
- psirt@moxa.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 9.4
- Impact score
- 5.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- psirt@moxa.com
- CWE-306
Social media
- Hype score
- Not currently trending
Moxa ネットワーク/セキュリティ製品の脆弱性 CVE-2024-9137/9139 が FIX:直ちにアップデートを! https://t.co/st2fY5NNXb #IoT #Moxa #OScommandinjection #Router
@iototsecnews
23 Oct 2024
82 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9137 (CVSS:9.4, CRITICAL) is Awaiting Analysis. The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulner..https://t.co/QxqtXEs2iI #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9137 (CVSS:9.4, CRITICAL) is Awaiting Analysis. The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulner..https://t.co/QxqtXEs2iI #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes