Moxa has issued a warning about high-severity and critical vulnerabilities in its cellular routers and network security appliances, allowing remote attackers to gain root privileges and execute arbitrary commands. Immediate firmware updates are recommended to mitigate these risks. Affected Platform: Moxa cellular routers, secure routers, network security appliances
Keypoints :
- Moxa warns of two critical vulnerabilities affecting its devices.
- CVE-2024-9138: High severity due to hard-coded credentials allowing privilege escalation.
- CVE-2024-9140: Critical severity OS command injection flaw enabling arbitrary code execution.
- Vulnerabilities can be exploited remotely, posing significant risks.
- Firmware updates have been released to address the vulnerabilities.
- Immediate action is recommended to prevent potential exploitation.
- Specific device models and firmware versions are impacted.
- Some devices have no available patch; mitigations are advised.
- Network exposure and SSH access should be limited to enhance security.
- Not all Moxa devices are vulnerable to these flaws.
MITRE Techniques :
- TA0002: Execution – Exploitation of CVE-2024-9140 allows arbitrary code execution.
- TA0003: Persistence – CVE-2024-9138 enables privilege escalation through hard-coded credentials.
Indicator of Compromise :
- [domain] moxa.com
- [file name] firmware_3.14.bin
- [file hash] SHA256: examplehash1234567890
- [others] hard-coded credentials
- [others] OS command injection vulnerability
- Check the article for all found IoCs.
Full Research: https://www.prsol.cc/2025/01/07/vulnerable-moxa-devices-expose-industrial-networks-to-attacks/