Industrial networking manufacturer Moxa reports ‘critical’ router bugs

Moxa says the flaws can be used to bypass user authentication, escalate privileges and gain root access to devices. 

Firmware in cellular routers, secure routers and network security appliances made by Moxa is vulnerable to a pair of high-severity bugs that can escalate privileges for an attacker, give root-level access or allow for unauthorized execution of commands.

In a pair of CVEs published Jan. 3, Moxa called the flaws “critical” and warned they “pose a significant security risk” to affected users.

The first (CVE-2024-9138) requires a user to be authenticated and takes advantage of hardcoded credentials in the firmware of 10 different Moxa products to gain root access. The second (CVE-2024-9140) uses special characters to bypass input restrictions and conduct OS command injection attacks against firmware used in 7 Moxa products; it can be exploited remotely by an unauthenticated user. The vulnerabilities were rated 8.6 and 9.8 on the Common Vulnerability Scoring System (CVSS) for severity.

“Immediate action is strongly recommended to prevent potential exploitation and mitigate these risks,” the company said in a security advisory.

Moxa products and firmware affected by CVE-2024-9138 (Source: Moxa)
Moxa products and firmware affected by CVE-2024-9140 (Source: Moxa)

Moxa has already developed software patches for many of the affected products. However, some, like NAT-102 Series secure routers, OnCell G4302-LTE4 Series cellular routers and TN-4900 Series M12 routers, currently lack publicly available patches for affected firmware or require users to reach out to Moxa for further technical support.

In the event patching is not possible, the company advises users to minimize network exposure and ensure the affected devices aren’t connected to the internet, limit SSH access to trusted IP addresses, and implement intrusion detection systems to monitor for malicious traffic attempting to exploit the vulnerabilities.

Moxa thanked security researcher Lars Haulin for initially reporting the vulnerabilities.

Moxa bills itself as an industrial networking, communications and automation manufacturer. According to the company’s website, their products are used by some of the largest global train builders, wind turbine builders, semiconductor manufacturers, cloud service providers and oil and gas companies in the world.

They list Thailand’s Provincial Electricity Authority, the City of Lancaster, California, software vendor GreenPowerMonitor, consulting firm KPMG and others as users of Moxa products on their customer successes page.

You can read the full security advisory on Moxa’s website.

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.