What is CVE-2024-9137?

CVE-2024-9137 is a critical-severity vulnerability in Moxa Edf-g1002-bp Series, classified under Missing Authentication for Critical Function. CVSS score: 9.4/10. Published 2024-10-14.

How severe is CVE-2024-9137?

Critical severity. CVSS v3 base score is 9.4 out of 10.

Auth bypass in Moxa Edf-g1002-bp Series

CVE-2024-9137

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of c…

Vulnerability class: Broken Authentication

EPSS: 0.001 (34.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.4 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H.

Affected products

Moxa Edf-g1002-bp Series — versions 1.0
Moxa Edr-8010 Series — versions 1.0
Moxa Edr-g9004 Series — versions 1.0
Moxa Edr-g9010 Series — versions 1.0
Moxa Eds-405a Series — versions 1.0, 3.14.4
Moxa Eds-408a Series — versions 1.0, 3.14.6
Moxa Eds-505a Series — versions 1.0
Moxa Eds-508a Series — versions 1.0
Moxa Eds-510a Series — versions 1.0
Moxa Eds-510e Series — versions 1.0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-a… (vendor-advisory)
www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-… (vendor-advisory)

Frequently asked questions

What is CVE-2024-9137?: CVE-2024-9137 is a critical-severity vulnerability in Moxa Edf-g1002-bp Series, classified under Missing Authentication for Critical Function. CVSS score: 9.4/10. Published 2024-10-14.
How severe is CVE-2024-9137?: Critical severity. CVSS v3 base score is 9.4 out of 10.