CVE-2024-9138 Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances

🗓️ 03 Jan 2025 08:14:31Reported by MoxaType

High-severity vulnerability CVE-2024-9138 allows privilege escalation in Moxa routers and appliances.

Reporter	Title	Published	Views	Family All 14
BDU FSTEC	The vulnerabilities of the microprogrammed Ethernet switch software from Moxa series, including EDR-810, EDR-8010, EDR-G902, EDR-G903, EDR-G9004, EDR-G9010, EDG-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900, are related to the use of weak security mechanisms. These vulnerabilities allow attackers to exploit them to gain increased privileges.	22 Jan 202500:00	–	bdu_fstec
Circl	CVE-2024-9138	3 Jan 202508:23	–	circl
CNNVD	Moxa多款产品安全漏洞	3 Jan 202500:00	–	cnnvd
CVE	CVE-2024-9138	3 Jan 202508:14	–	cve
EUVD	EUVD-2024-50434	3 Oct 202520:07	–	euvd
HackRead	Critical Vulnerabilities in Moxa Routers Allow Root Privilege Escalation	8 Jan 202509:05	–	hackread
NCSC	Vulnerabilities fixed in Moxa's cellular routers and network security devices	6 Jan 202507:49	–	ncsc
NVD	CVE-2024-9138	3 Jan 202509:15	–	nvd
Positive Technologies	PT-2025-1200 · Moxa · Edr-G9010 +9	3 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2024-9138	5 Feb 202504:36	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "product": "EDR-810 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "5.12.37",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EDR-8010 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.13.1",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EDR-G902 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "5.7.25",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EDR-G903 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "5.7.25",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EDR-G9004 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.13.1",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EDR-G9010 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.13.1",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EDF-G1002-BP Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.13.1",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "NAT-102 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "1.0.5",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "OnCell G4302-LTE4 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.13",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TN-4900 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.13",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
moxa	www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo

03 Jan 2025 08:14Current

CVSS 3.17.2

CVSS 48.6

EPSS0.00246

CWE-656