PT-2025-14464 · Moxa · Edf-G1002-Bp+18
Published
2025-04-02
·
Updated
2025-04-08
·
CVE-2025-0415
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H |
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined.
Description
A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Edf-G1002-Bp
Edf-G1002-Bp Series
Edr-8010
Edr-8010 Series
Edr-810 Series
Edr-G9004
Edr-G9004 Series
Edr-G9010
Edr-G9010 Series
Moxa Edr-810
Moxa Edr-8010 Series
Moxa Edr-G9010 Series
Moxa Oncell G4302-Lte4 Series
Moxa Tn-4900
Nat-102
Nat-102 Series
Oncell G4302-Lte4
Tn-4900
Tn-4900 Series