
WARNING: TWO CRITICAL VULNERABILITIES IN MOXA ROUTERS AND NETWORK SECURITY APPLIANCES, INCLUDING ONE VULNERABILITY ALLOWING FOR REMOTE CODE EXECUTION. PATCH IMMEDIATELY!

Reference: Advisory #2025-05
Version: 1.0
Affected software: Moxa cellular routers, secure routers and network security appliances
Type: Remote code execution, Privilege escalation
CVE/CVSS:

CVE-2024-9138: CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVE-2024-9140: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Moxa advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo

Risks

On 3 January 2025, Moxa addressed two vulnerabilities in Moxa cellular routers, secure routers and network security appliances:

  • An authenticated user could exploit CVE-2024-9138 to escalate privileges and gain root-level access to the system.
  • Attackers could leverage CVE-2024-9140 to gain remote code execution.

There is no information about active exploitation at this time (cut-off date: 7 January 2025).

Exploitation of these vulnerabilities can have a high impact on confidentiality, integrity and availability.

Description

CVE-2024-9138 is a vulnerability involving hard-coded credentials. An authenticated user could exploit this vulnerability to escalate privileges and gain root-level access to the system, leading to system compromise, unauthorized modifications, data exposure, or service disruption.

CVE-2024-9140 is a critical OS command injection vulnerability. An attacker could use special characters to bypass input restrictions and thereby execute arbitrary code.
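The weakness described above is a filter that tries to strip or reject "bad" characters before a value reaches the operating system. As an added example that is not code from Moxa or from the CCB advisory, the following shows the hardened pattern for a typical router diagnostic (a bounded ping): the value is validated against a positive allowlist (here a hostname/IPv4 rule, which is an assumption) and then passed to the OS as an argument vector, never as a shell string, so there is no list of special characters to keep complete.

```python
"""Allowlist validation plus argv-style execution for a 'ping' diagnostic.

Added example, not code from Moxa or the CCB advisory. The function names
and the hostname rule are assumptions; they illustrate the vulnerability
class (OS command injection), not the affected firmware."""
import re
import subprocess

# Positive validation: the whole value must look like a hostname or IPv4 address.
# Anything else (spaces, quotes, separators, substitution syntax) is rejected
# outright, so there is no denylist of "bad characters" that could be incomplete.
HOST_RE = re.compile(r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.?)+$")


def build_ping_argv(host: str) -> list:
    """Return the argument vector for a bounded ping, or raise ValueError.

    The command is handed to the OS as a list, never as a shell string, so the
    host value is only ever a single argument to ping and is never parsed by
    a shell."""
    if len(host) > 253 or not HOST_RE.fullmatch(host):
        raise ValueError("host must be a hostname or IPv4 address")
    # '-c 1' bounds the number of probes, '-W 2' the per-reply wait (Linux ping).
    return ["ping", "-c", "1", "-W", "2", host]


def run_ping(host: str) -> int:
    """Execute the validated command without a shell and return its exit code."""
    return subprocess.run(build_ping_argv(host), capture_output=True, check=False).returncode


def is_safe_host(host: str) -> bool:
    """Yes/no wrapper around the validator, for callers that only gate input."""
    try:
        build_ping_argv(host)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: two valid targets and one that a shell would split.
    for candidate in ("192.0.2.1", "gateway.example", "gateway.example; reboot"):
        print(f"{candidate!r}: {'accepted' if is_safe_host(candidate) else 'rejected'}")
```

The point of the design is that rejection does not depend on recognising every metacharacter: the validator only accepts what a hostname can contain, and the argv form means the OS never interprets the value at all.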

Recommended actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Moxa recommends the following updates:

EDR-810 Series, EDR-8010 Series, EDR-G902 Series, EDR-G903 Series, EDR-G9004 Series, EDR-G9010 Series, and EDF-G1002-BP Series - Upgrade to the firmware version 3.14 or later.

NAT-102 Series - An official patch or firmware update is not currently available for this product.
Please refer to the Mitigations section below for recommended measures to address the vulnerability.

OnCell G4302-LTE4 Series - Please contact Moxa Technical Support for the security patch.

TN-4900 Series - Please contact Moxa Technical Support for the security patch.

For NAT-102 Series, Moxa recommends the following mitigations:

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
  • Implement Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
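The NAT-102 mitigations above (limit SSH to trusted IP addresses and networks) and the monitoring recommendation share one input: the list of networks that are allowed to manage the device. As an added example that is not part of the CCB or Moxa advisory, the script below keeps that list in one place, generates an nftables ruleset for an upstream Linux firewall that admits SSH to the device only from those networks and logs and drops everything else, and audits forwarded syslog for SSH attempts from outside them. The trusted networks, the device address, the hostnames and the log lines are all constructed; the log format follows OpenSSH-style sshd messages, which is an assumption, so adapt the regular expression to what the device actually emits.

```python
"""Enforce and audit the 'SSH from trusted networks only' mitigation.

Added example, not from the CCB or Moxa advisory. Assumes a Linux nftables
firewall in front of the appliance and syslog forwarded to a collector.
All addresses, hostnames and log lines below are constructed."""
import ipaddress
import re

# Constructed management networks allowed to reach the device over SSH.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.10.0.0/24"),   # assumption: OT management VLAN
    ipaddress.ip_network("192.0.2.10/32"),  # assumption: dedicated jump host
]


def is_trusted(src_ip: str) -> bool:
    """Return True when the source address falls inside a trusted network."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def nft_ruleset(device_ip: str, ssh_port: int = 22) -> str:
    """Build an nftables ruleset for the firewall in front of the device.

    SSH to the device from a trusted network is accepted; any other SSH
    attempt to the device is logged (for the detection side) and dropped."""
    allowed = ", ".join(str(n) for n in TRUSTED_NETWORKS)
    return (
        "table inet moxa_guard {\n"
        "  chain forward {\n"
        "    type filter hook forward priority 0; policy accept;\n"
        f"    ip daddr {device_ip} tcp dport {ssh_port} ip saddr {{ {allowed} }} accept\n"
        f"    ip daddr {device_ip} tcp dport {ssh_port} log prefix \"moxa-ssh-denied: \" drop\n"
        "  }\n"
        "}\n"
    )


# Constructed syslog lines in OpenSSH sshd style (assumption about the format).
SAMPLE_SYSLOG = """\
Jan  8 09:12:01 edr-g9010 sshd[1201]: Accepted password for admin from 10.10.0.17 port 51022 ssh2
Jan  8 09:13:44 edr-g9010 sshd[1209]: Failed password for root from 198.51.100.23 port 40112 ssh2
Jan  8 09:13:47 edr-g9010 sshd[1209]: Failed password for root from 198.51.100.23 port 40112 ssh2
Jan  8 09:20:05 edr-g9010 sshd[1222]: Accepted password for admin from 203.0.113.9 port 33400 ssh2
"""

LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})"
)


def audit_ssh_log(text: str) -> list:
    """Return (outcome, user, source_ip) for every SSH attempt from outside
    the trusted networks.

    Failed attempts from untrusted sources show the exposure the firewall rule
    should be closing; an *accepted* login from an untrusted source should be
    treated as a potential intrusion, not a misconfiguration."""
    findings = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m and not is_trusted(m.group(3)):
            findings.append((m.group(1), m.group(2), m.group(3)))
    return findings


if __name__ == "__main__":
    print(nft_ruleset("10.10.0.5"))           # constructed device address
    for outcome, user, ip in audit_ssh_log(SAMPLE_SYSLOG):
        print(f"{outcome:8s} {user:8s} from untrusted {ip}")
```

Loading the generated ruleset with `nft -f` on the upstream firewall applies the allowlist; the `log` statement on the drop rule feeds the same collector, so denied attempts are visible alongside the device's own sshd messages.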

In case of an intrusion, you can report an incident via: https://notif.safeonweb.be/.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Moxa advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo