Cyber security news for all

More

    Moxa Flags Critical Flaws in Cellular and Secure Router Lines

    Taiwanese technology firm Moxa has disclosed the presence of two critical vulnerabilities within its suite of cellular routers, secure routers, and network security devices. These flaws, if exploited, could enable attackers to escalate privileges or execute unauthorized commands, posing significant risks to system integrity.

    Summary of Identified Vulnerabilities:

    1. CVE-2024-9138 (CVSS 4.0 Rating: 8.6)
      This flaw stems from the use of hard-coded credentials, which can empower authenticated users to gain root-level access. Exploitation may result in full system compromise, unauthorized alterations, data breaches, or service interruptions.
    2. CVE-2024-9140 (CVSS 4.0 Rating: 9.3)
      This vulnerability involves the misuse of special characters to bypass input restrictions, potentially enabling unauthorized command execution on the system.

    Affected Products and Firmware Versions:

    CVE-2024-9138:

    • EDR-810 Series (Firmware v5.12.37 and earlier)
    • EDR-8010 Series (Firmware v3.13.1 and earlier)
    • EDR-G902 Series (Firmware v5.7.25 and earlier)
    • EDR-G9004 Series (Firmware v3.13.1 and earlier)
    • EDR-G9010 Series (Firmware v3.13.1 and earlier)
    • EDF-G1002-BP Series (Firmware v3.13.1 and earlier)
    • NAT-102 Series (Firmware v1.0.5 and earlier)
    • OnCell G4302-LTE4 Series (Firmware v3.13 and earlier)
    • TN-4900 Series (Firmware v3.13 and earlier)

    CVE-2024-9140:

    • EDR-8010 Series (Firmware v3.13.1 and earlier)
    • EDR-G9004 Series (Firmware v3.13.1 and earlier)
    • EDR-G9010 Series (Firmware v3.13.1 and earlier)
    • EDF-G1002-BP Series (Firmware v3.13.1 and earlier)
    • NAT-102 Series (Firmware v1.0.5 and earlier)
    • OnCell G4302-LTE4 Series (Firmware v3.13 and earlier)
    • TN-4900 Series (Firmware v3.13 and earlier)

    Available Firmware Updates:

    Moxa has issued patches for several affected devices, urging users to upgrade to the following firmware versions:

    • EDR-810 Series: Version 3.14 or newer
    • EDR-8010 Series: Version 3.14 or newer
    • EDR-G902 Series: Version 3.14 or newer
    • EDR-G903 Series: Version 3.14 or newer
    • EDR-G9004 Series: Version 3.14 or newer
    • EDR-G9010 Series: Version 3.14 or newer
    • EDF-G1002-BP Series: Version 3.14 or newer
    • NAT-102 Series: No official patch currently available
    • OnCell G4302-LTE4 Series: Contact Moxa Technical Support
    • TN-4900 Series: Contact Moxa Technical Support

    Recommended Mitigations:

    To minimize exposure, Moxa advises the following precautionary measures:

    • Restrict device exposure to the public internet.
    • Employ firewall rules or TCP wrappers to limit SSH access strictly to trusted IPs or networks.
    • Deploy monitoring mechanisms to detect and deter exploitation attempts.

    The vulnerabilities, discovered by cybersecurity researcher Lars Haulin, underline the importance of maintaining robust security postures for network-critical infrastructure. Users are urged to implement the necessary updates and safeguards without delay.

    Recent Articles

    Related Stories