Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers

Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution.
The list of vulnerabilities is as follows -
- CVE-2024-9138 (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain root-level access to the system, leading to system compromise, unauthorized modifications, data exposure, or service disruption
- CVE-2024-9140 (CVSS 4.0 score: 9.3) - An input validation vulnerability that allows attackers to use special characters to bypass input restrictions, potentially leading to unauthorized command execution
The shortcomings, reported by security researcher Lars Haulin, affect the following products and firmware versions -
- CVE-2024-9138 - EDR-810 Series (Firmware version 5.12.37 and earlier), EDR-8010 Series (Firmware version 3.13.1 and earlier), EDR-G902 Series (Firmware version 5.7.25 and earlier), EDR-G9004 Series (Firmware version 3.13.1 and earlier), EDR-G9010 Series (Firmware version 3.13.1 and earlier), EDF-G1002-BP Series (Firmware version 3.13.1 and earlier), NAT-102 Series (Firmware version 1.0.5 and earlier), OnCell G4302-LTE4 Series (Firmware version 3.13 and earlier), and TN-4900 Series (Firmware version 3.13 and earlier)
- CVE-2024-9140 - EDR-8010 Series (Firmware version 3.13.1 and earlier), EDR-G9004 Series (Firmware version 3.13.1 and earlier), EDR-G9010 Series (Firmware version 3.13.1 and earlier), EDF-G1002-BP Series (Firmware version 3.13.1 and earlier), NAT-102 Series (Firmware version 1.0.5 and earlier), OnCell G4302-LTE4 Series (Firmware version 3.13 and earlier), and TN-4900 Series (Firmware version 3.13 and earlier)
Patch availability for the affected products is as follows -
- EDR-810 Series (Upgrade to the firmware version 3.14 or later)
- EDR-8010 Series (Upgrade to the firmware version 3.14 or later)
- EDR-G902 Series (Upgrade to the firmware version 3.14 or later)
- EDR-G903 Series (Upgrade to the firmware version 3.14 or later)
- EDR-G9004 Series (Upgrade to the firmware version 3.14 or later)
- EDR-G9010 Series (Upgrade to the firmware version 3.14 or later)
- EDF-G1002-BP Series (Upgrade to the firmware version 3.14 or later)
- NAT-102 Series (No official patch available)
- OnCell G4302-LTE4 Series (Please contact Moxa Technical Support)
- TN-4900 Series (Please contact Moxa Technical Support)
As mitigations, it's recommended to ensure that devices are not exposed to the internet, limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers, and implement measures to detect and prevent exploitation attempts.
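To turn the affected-version lists above into a fleet check, here is an added example (not from Moxa or the advisory) that triages an inventory of Moxa devices against the advisory's firmware ceilings. The ceilings are copied from the page; the inventory rows are constructed sample data, and "X and earlier" is read as an inclusive numeric comparison.

```python
"""Triage Moxa device firmware versions against the advisory above."""
from typing import Dict, List, Tuple

# Highest affected firmware version per product series, per CVE (from the advisory).
AFFECTED: Dict[str, Dict[str, str]] = {
    "CVE-2024-9138": {
        "EDR-810": "5.12.37", "EDR-8010": "3.13.1", "EDR-G902": "5.7.25",
        "EDR-G9004": "3.13.1", "EDR-G9010": "3.13.1", "EDF-G1002-BP": "3.13.1",
        "NAT-102": "1.0.5", "OnCell G4302-LTE4": "3.13", "TN-4900": "3.13",
    },
    "CVE-2024-9140": {
        "EDR-8010": "3.13.1", "EDR-G9004": "3.13.1", "EDR-G9010": "3.13.1",
        "EDF-G1002-BP": "3.13.1", "NAT-102": "1.0.5",
        "OnCell G4302-LTE4": "3.13", "TN-4900": "3.13",
    },
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Numeric tuple: 5.12.37 must sort above 5.7.25, which string comparison gets wrong."""
    return tuple(int(part) for part in version.strip().split("."))


def version_le(a: str, b: str) -> bool:
    """True when a <= b, padding short versions with zeros so 3.13.0 == 3.13."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    return ta + (0,) * (width - len(ta)) <= tb + (0,) * (width - len(tb))


def is_affected(series: str, version: str, cve: str) -> bool:
    """Inclusive check against the advisory ceiling; unknown series are not affected."""
    ceiling = AFFECTED[cve].get(series)
    return ceiling is not None and version_le(version, ceiling)


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Map each device name to the CVEs it is exposed to, given (name, series, firmware)."""
    report: Dict[str, List[str]] = {}
    for name, series, firmware in inventory:
        hits = [cve for cve in AFFECTED if is_affected(series, firmware, cve)]
        if hits:
            report[name] = hits
    return report


# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = [
    ("site-a-edge", "EDR-810", "5.12.37"),    # affected by 9138 only
    ("site-b-edge", "EDR-8010", "3.14"),      # patched per the advisory
    ("cell-gw-1", "OnCell G4302-LTE4", "3.13.0"),  # affected by both
]

if __name__ == "__main__":
    for device, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {', '.join(cves)}")
```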