PT-2025-1001 · Moxa · Moxa Cellular Routers

Lars Haulin · Published 2025-01-03 · Updated 2025-01-20 · CVE-2024-9140

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Moxa cellular routers, secure routers, and network security appliances versions 3.13.1 and earlier
Description: The vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality. The issue is related to the exploitation of special characters to bypass input restrictions, leading to unauthorized command execution.
Recommendations: For versions 3.13.1 and earlier, update to a patched version to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using special characters in input fields until the issue is resolved. At the moment, there is no information about additional mitigation measures.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2025-00075
CVE-2024-9140

Affected Products

Moxa Cellular Routers
Moxa Network Security Appliances
Moxa Secure Routers