CVE-2024-9137

Name of the Vulnerable Software and Affected Versions Moxa EDR-8010 versions (affected versions not specified) Moxa EDR-G9004 versions (affected versions not specified) Moxa EDR-G9010 versions (affected versions not specified) Moxa EDR-G1002-BP versions (affected versions not specified) Moxa NAT-102 OnCell G4302-LTE4 versions (affected versions not specified) Moxa TN-4900 versions (affected versions not specified)

Description The affected product lacks an authentication check when sending commands to the server via the Moxa service. This issue allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

Recommendations For Moxa EDR-8010, consider disabling the Moxa service until a patch is available. For Moxa EDR-G9004, restrict access to the Moxa service to minimize the risk of exploitation. For Moxa EDR-G9010, avoid using the Moxa service for critical operations until the issue is resolved. For Moxa EDR-G1002-BP, apply configuration changes to limit the impact of the vulnerability. For Moxa NAT-102 OnCell G4302-LTE4, consider implementing additional security measures to protect against unauthorized access. For Moxa TN-4900, update to a newer version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.