Lars Haulin

Name of the Vulnerable Software and Affected Versions: Moxa cellular routers, secure routers, and network security appliances versions 3.13.1 and earlier Description: The vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality. The issue is related to the exploitation of special characters to bypass input restrictions, leading to unauthorized command execution. Recommendations: For versions 3.13.1 and earlier, update to a patched version to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using special characters in input fields until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Moxa EDR-810 versions prior to the fixed version Moxa EDR-8010 versions prior to the fixed version Moxa EDR-G902 versions prior to the fixed version Moxa EDR-G903 versions prior to the fixed version Moxa EDR-G9004 versions prior to the fixed version Moxa EDR-G9010 versions prior to the fixed version Moxa EDF-G1002-BP versions prior to the fixed version Moxa NAT-102 versions prior to the fixed version Moxa OnCell G4302-LTE4 versions prior to the fixed version Moxa TN-4900 versions prior to the fixed version **Description** The issue is related to the use of weak protection mechanisms and hard-coded credentials in Moxa devices, allowing an authenticated user to escalate privileges and gain root-level access to the system. This poses a significant security risk. The vulnerability may be exploited by a remote attacker. **Recommendations** For Moxa EDR-810, upgrade to the latest firmware version. For Moxa EDR-8010, upgrade to the latest firmware version. For Moxa EDR-G902, upgrade to the latest firmware version. For Moxa EDR-G903, upgrade to the latest firmware version. For Moxa EDR-G9004, upgrade to the latest firmware version. For Moxa EDR-G9010, upgrade to the latest firmware version. For Moxa EDF-G1002-BP, upgrade to the latest firmware version. For Moxa NAT-102, restrict SSH access. For Moxa OnCell G4302-LTE4, upgrade to the latest firmware version. For Moxa TN-4900, upgrade to the latest firmware version.

**Name of the Vulnerable Software and Affected Versions** Moxa EDR-8010 versions (affected versions not specified) Moxa EDR-G9004 versions (affected versions not specified) Moxa EDR-G9010 versions (affected versions not specified) Moxa EDR-G1002-BP versions (affected versions not specified) Moxa NAT-102 OnCell G4302-LTE4 versions (affected versions not specified) Moxa TN-4900 versions (affected versions not specified) **Description** The affected product lacks an authentication check when sending commands to the server via the Moxa service. This issue allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. **Recommendations** For Moxa EDR-8010, consider disabling the Moxa service until a patch is available. For Moxa EDR-G9004, restrict access to the Moxa service to minimize the risk of exploitation. For Moxa EDR-G9010, avoid using the Moxa service for critical operations until the issue is resolved. For Moxa EDR-G1002-BP, apply configuration changes to limit the impact of the vulnerability. For Moxa NAT-102 OnCell G4302-LTE4, consider implementing additional security measures to protect against unauthorized access. For Moxa TN-4900, update to a newer version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moxa EDR-8010 versions (affected versions not specified) Moxa EDR-G9004 versions (affected versions not specified) Moxa EDR-G9010 versions (affected versions not specified) Moxa EDF-G1002-BP versions (affected versions not specified) Moxa NAT-102 versions (affected versions not specified) Moxa G4302-LTE4 versions (affected versions not specified) Moxa TN-4900 versions (affected versions not specified) **Description** The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. This issue exists due to the failure to neutralize special elements. Exploitation of the issue may allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** csregprinter in Mac OS X versions 10.4.11 through 10.5.6 **Description** The issue is related to the csregprinter in the Printing component, which does not properly handle error conditions. This can be exploited by local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. **Recommendations** For Mac OS X versions 10.4.11 through 10.5.6, update to a newer version to mitigate the risk of exploitation.