CVE-2024-9139

EUVD-2024-49752
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
moxaedr-8010_firmware
1.0 ≤
𝑥
≤ 3.12.1
ADP
moxaedr-g9004_firmware
1.0 ≤
𝑥
≤ 3.12.1
ADP
moxaedr-g9010_firmware
1.0 ≤
𝑥
≤ 3.12.1
ADP
moxaedf-g1002-bp_firmware
1.0 ≤
𝑥
≤ 3.12.1
ADP
moxanat-102_firmware
1.0 ≤
𝑥
≤ 1.0.5
ADP
moxaoncell_g4302-lte4_firmware
1.0 ≤
𝑥
≤ 3.9
ADP
moxatn-4900_firmware
1.0 ≤
𝑥
≤ 3.6
ADP
moxaedr-810_firmware
1.0 ≤
𝑥
≤ 5.12.33
ADP
Common Weakness Enumeration
References
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances