CVE-2024-9138

Published Jan 3, 2025

Last updated 2 months ago

CVSS high 8.6

Overview

Description
Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.
Source
psirt@moxa.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@moxa.com
CWE-656

Social media

Hype score
Not currently trending

  1. Moxa has disclosed two critical vulnerabilities affecting its routers and network security appliances. **CVE-2024-9138** (CVSS 8.6) allows authenticated users to escalate privileges and gain root access, potentially leading to system compromise and unauthorized modifications h

    @smart_c_intel

    13 Jan 2025

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  2. شبکه های صنعتی نیز دارای روتر های مخصوص به خود هستند . Moxa یک نوع از این روتر ها می باشد. به تازگی برای این نوع روتر ۲ آسیب پذیری خطرناک با کدهای شناسایی CVE-2024-9138 و CVE-2024-9140 از نوع privilege escalation و OS command injection منتشر شده است. https://t.co/Poz3aKY03t https

    @AmirHossein_sec

    12 Jan 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨Upozorňujeme na dvě závažné zranitelnosti v zařízeních společnosti Moxa. CVE-2024-9138: Přítomnost hard-coded credentials umožní autentizovanému uživateli eskalovat privilegia a potenciálně získat přístup do rootu postiženého systému. Může dojít k neautorizovaným modifikacím,…

    @GOVCERT_CZ

    10 Jan 2025

    399 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Moxa Alert! Critical vulnerabilities CVE-2024-9140 & CVE-2024-9138 in their industrial devices can lead to command execution & root access. 🤖 Ensure your defenses are up! Read more: https://t.co/UIrdt2qlKQ #CyberSecurity #IndustrialSecurity

    @ThreatVector24

    8 Jan 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Moxa Routers was affected by critical vulnerabilities #MoxaRouters #CVE-2024-9138 #CVE-2024-9140 https://t.co/anXrXBaimW

    @pravin_karthik

    8 Jan 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Threat Alert: Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Router CVE-2024-9138 CVE-2024-9140 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/glfAhSs0eb #CyberSecurity #ThreatIntel #InfoSec (1/3)

    @fletch_ai

    8 Jan 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. 🚨 High-Severity Flaws in Moxa Routers (CVE-2024-9138 & CVE-2024-9140) 🚨 Two critical vulnerabilities risk privilege escalation & command execution in Moxa routers. Firmware patches available for most affected devices: 🛠️ Patch Details: Upgrade to Firmware 3.14 or la

    @arunpratap786

    7 Jan 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Vulnerable Moxa devices expose industrial networks to attacks: https://t.co/sIK62dizkL Moxa has issued an urgent warning regarding two vulnerabilities affecting its cellular routers and network security appliances. CVE-2024-9138 (high severity) involves hard-coded credentials… h

    @securityRSS

    7 Jan 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. کشف 2آسیب پذیری برای روتر MOXA شبکه های صنعتی نیز دارای روتر های مخصوص به خود هستند . Moxa یک نوع از این روتر ها می باشد. به تازگی برای این نوع روتر ۲ آسیب پذیری خطرناک با کدهای شناسایی CVE-2024-9138 و CVE-2024-9140 از نوع privilege escalation و OS command injection منتشر شده است

    @cybernetic_cy

    7 Jan 2025

    222 Impressions

    4 Retweets

    17 Likes

    0 Bookmarks

    15 Replies

    0 Quotes

  10. Two high-severity vulnerabilities (CVE-2024-9138 & CVE-2024-9140) have been discovered in #Moxa’s network appliances, commonly used in critical industries like energy, transportation, and manufacturing. These vulnerabilities pose risks of root-level privilege escalation and…

    @secure_blink

    7 Jan 2025

    152 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 Two vulnerabilities (CVE-2024-9138, CVE-2024-9140) impact Moxa's routers, with CVSS scores of 8.6 and 9.3—allowing root access and unauthorized command execution. 🔑 Patch to version 3.14+ immediately. ➡️ Find out now: https://t.co/UPwx8XVL1A

    @TheHackersNews

    7 Jan 2025

    11946 Impressions

    53 Retweets

    85 Likes

    10 Bookmarks

    3 Replies

    1 Quote

  12. 🔐 Critical CyberAlert: Moxa warns of critical vulnerabilities in their industrial routers and security appliances! CVE-2024-9138 (8.6, high severity): Hard-coded credentials allow privilege escalation to root. CVE-2024-9140 (9.3, critical): OS command injection leading to code

    @GHak2learn27752

    6 Jan 2025

    819 Impressions

    3 Retweets

    8 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  13. #Vulnerability #CVE20249138 CVE-2024-9138 and CVE-2024-9140 (CVSS 9.8): Moxa Calls for Immediate Security Action https://t.co/OzFW2zfARw

    @Komodosec

    6 Jan 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2024-9138 ve CVE-2024-9140: Moxa Ürünleri İçin Kritik Güvenlik Açıkları Hakkında Acil Eylem Çağrısı https://t.co/av0p0mWOz0

    @cyberwebeyeos

    6 Jan 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2024-9138 和 CVE-2024-9140 (CVSS 9.8):Moxa 呼吁立即采取安全行动 https://t.co/t0eH1a4Bos

    @wy88215534

    6 Jan 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-9138 and CVE-2024-9140 (CVSS 9.8): Moxa Calls for Immediate Security Action https://t.co/bKnZA3u3ot

    @Dinosn

    6 Jan 2025

    1683 Impressions

    0 Retweets

    2 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  17. [CVE-2024-9138: HIGH] High-severity vulnerability (CVE-2024-9138) discovered in Moxa's cellular routers, secure routers, and network security appliances due to hard-coded credentials, allowing privileged escalatio...#cybersecurity,#vulnerability https://t.co/TpEPzwsgkk https://t.

    @CveFindCom

    3 Jan 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References