- Moxa found two flaws affecting cellular router models, secure routers, and network security equipment
- One of the bugs was deemed critical since it allowed for RCE
- Patches are already available, so update now
Moxa, a global powerhouse in industrial networking, computing, and communications gear, has recently addressed two vulnerabilities impacting different cellular router models, secure routers, and network security gear.
Since one of the vulnerabilities is deemed critical, and can be abused remotely to devastating effect, Moxa urged its users to apply the fixes immediately.
In a security advisory, Moxa said it released patches for CVE-2024-9138, and CVE-2024-9140. The first one is due to hardcoded credentials, allowing threat actors to elevate privileges and gain root-level access. It was granted a severity score of 8.6, and was said to affect ten models. Those include EDR-810 Series, EDR-8010 Series, and EDR-G902 Series.
Moxa devices targeted
The second vulnerability is more severe, allowing threat actors to exploit special characters to bypass input restrictions. As a result, they could be allowed to run arbitrary commands remotely which, in turn, could lead to full device takeover.
This bug was given a severity score of 9.8 (critical), and was said to affect a somewhat smaller list of devices. Among others, it includes EDR-G9004 Series, EDR-G9010 Series, and EDF-G1002-BP Series.
Moxa released different patches for different models and firmware versions, and added that the MRC-1002 Series, TN-5900 Series, and OnCell 3120-LTE-1 Series endpoints were not vulnerable to either bug.
It also offered a set of mitigations for those unable to apply the patch immediately. These include:
- Minimizing network exposure to ensure the device is not accessible from the Internet.
- Limiting SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.
- Implementing IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. “These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks,” the company said.
The entire list of affected endpoints can be found on this link.