Moxa Product Security Update Advisory

Overview

We have released a security update to fix vulnerabilities in Moxa products. Users of affected products are advised to update to the latest version.

 

Affected Products

CVE-2024-9138

EDR-810 Series Version: 5.12.37 or below
EDR-8010 Series Version: 3.13.1 or below
EDR-G902 Series Version: 5.7.25 or below
EDR-G903 Series Version: 5.7.25 or below
EDR-G9004 Series Version: 3.13.1 or below
EDR-G9010 Series Version: 3.13.1 or below
EDF-G1002-BP Series Version: 3.13.1 or below
NAT-102 Series Version: 1.0.5 or below
OnCell G4302-LTE4 Series Version: 3.13 or below
TN-4900 Series Version: 3.13 or below

CVE-2024-9140

EDR-8010 Series Version: 3.13.1 or below
EDR-G9004 Series Version: 3.13.1 or below
EDR-G9010 Series Version: 3.13.1 or below
EDF-G1002-BP Series Version: 3.13.1 or below
NAT-102 Series Version: 1.0.5 or below
OnCell G4302-LTE4 Series Version: 3.13 or below
TN-4900 Series Version: 3.13 or below

 

Resolved Vulnerabilities

Privilege escalation vulnerability due to hardcoded credentials in Moxa products (CVE-2024-9138)
Arbitrary code execution vulnerability due to improperly restricted commands in Moxa products (CVE-2024-9140)

Vulnerability Patches

The vulnerabilities are patched in the latest update. Please follow the instructions on the referenced site to update to the latest version.

CVE-2024-9138

EDR-810 Series Version: 3.14 or later
EDR-8010 Series Version: 3.14 or later
EDR-G902 Series Version: 3.14 or later
EDR-G903 Series Version: 3.14 or later
EDR-G9004 Series Version: 3.14 or later
EDR-G9010 Series Version: 3.14 or later
EDF-G1002-BP Series Version: 3.14 or later
NAT-102 Series: Official patches and firmware updates are not available
OnCell G4302-LTE4 Series: Separate security patches available upon request
TN-4900 Series Version: 3.14 or later

CVE-2024-9140

EDR-8010 Series Version: 3.14 or later
EDR-G9004 Series Version: 3.14 or later
EDR-G9010 Series Version: 3.14 or later
EDF-G1002-BP Series Version: 3.14 or later
NAT-102 Series: Official patches and firmware updates are not available
OnCell G4302-LTE4 Series: Separate security patches available upon request
TN-4900 Series Version: 3.14 or later

 

See the reference below [1] for instructions on performing the update. For products that cannot be patched, apply the following mitigations:
– Minimize network exposure so that the devices cannot be reached from the Internet
– Use firewall rules or TCP Wrapper to limit SSH access to trusted IP addresses and networks
– Deploy an IDS or IPS to detect and prevent exploit attempts
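
The affected-version and patch lists above can be applied to a device inventory as follows. This is an added example, not part of the advisory or any Moxa tooling; the hostnames and inventory rows are constructed, and the numeric, component-wise version ordering is an assumption about Moxa firmware numbering.

```python
BOTH = ("CVE-2024-9138", "CVE-2024-9140")
ONLY_9138 = ("CVE-2024-9138",)
FW, ASK, NOFIX = "firmware update", "patch on request", "no patch: mitigate"

# From this advisory's lists: series -> (highest affected version, CVEs, remediation)
ADVISORY = {
    "EDR-810": ("5.12.37", ONLY_9138, FW),
    "EDR-8010": ("3.13.1", BOTH, FW),
    "EDR-G902": ("5.7.25", ONLY_9138, FW),
    "EDR-G903": ("5.7.25", ONLY_9138, FW),
    "EDR-G9004": ("3.13.1", BOTH, FW),
    "EDR-G9010": ("3.13.1", BOTH, FW),
    "EDF-G1002-BP": ("3.13.1", BOTH, FW),
    "NAT-102": ("1.0.5", BOTH, NOFIX),
    "OnCell G4302-LTE4": ("3.13", BOTH, ASK),
    "TN-4900": ("3.13", BOTH, FW),
}

def parse_version(text):
    """'v3.13.1' -> (3, 13, 1); raises ValueError on non-numeric components."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def at_or_below(version, ceiling):
    """Numeric compare, zero-padded so that '3.13.0' counts as equal to '3.13'."""
    a, b = parse_version(version), parse_version(ceiling)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))

def triage(inventory):
    """Return (host, cves, action) per device; bad input is flagged, not cleared."""
    findings = []
    for host, series, firmware in inventory:
        ceiling, cves, action = ADVISORY.get(series, (None, (), "series not listed"))
        try:
            if ceiling and not at_or_below(firmware, ceiling):
                cves, action = (), "not affected"
        except ValueError:
            action = "unparseable version: check manually"
        findings.append((host, cves, action))
    return findings

# Constructed sample inventory: (hostname, series, reported firmware version)
INVENTORY = [
    ("rtr-plant-a", "EDR-810", "5.12.30"),
    ("rtr-plant-b", "EDR-G9010", "3.14"),
    ("nat-cell-1", "NAT-102", "1.0.5"),
    ("lte-yard-2", "OnCell G4302-LTE4", "3.13.0"),
    ("tn-rail-7", "TN-4900", "3.13-rc1"),
]
```

Calling `triage(INVENTORY)` returns one tuple per device. Devices whose version string cannot be parsed keep their CVE list and are routed to manual review rather than reported as unaffected.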

 

References

[1] Security Advisories
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo