- US Launches Cyber Trust Mark for IoT Devices
- The best sound systems of 2025: Expert tested
- Unlocking Efficiency with Docker for AI and Cloud-Native Development | Docker
- Tech industry sounds alarm over US AI Export Control Framework
- I traveled 70,000+ miles last year for work - here's what's in my bag
Moxa Urges Immediate Updates for Security Vulnerabilities
Moxa has identified two critical security vulnerabilities in its cellular routers, secure routers and network security appliances that could pose significant risks if left unaddressed.
The first vulnerability, CVE-2024-9138, involves hard-coded credentials that could allow authenticated users to escalate their privileges to root-level access, enabling system compromise, unauthorized modifications, data exposure and service disruptions.
The second, CVE-2024-9140, involves an OS command injection issue where improperly restricted commands can be exploited with special characters, potentially allowing attackers to execute arbitrary code.
Affected Products and Recommendations
These vulnerabilities affect several Moxa product series and firmware versions, including:
-
EDR-810 Series (firmware version 5.12.37 and earlier)
-
EDR-8010 Series (firmware version 3.13.1 and earlier)
-
EDR-G902 Series (firmware version 5.7.25 and earlier)
-
NAT-102 Series (firmware version 1.0.5 and earlier)
Moxa has confirmed that these vulnerabilities do not affect the MRC-1002 Series, TN-5900 Series and OnCell 3120-LTE-1 Series.
Read more on network security: Over 60% of Network Security Appliance Flaws Exploited as Zero Days
Immediate Action Recommended
Moxa has released firmware updates for many affected products, with versions 3.14 or later providing the necessary patches. However, the NAT-102 Series and some others still require additional mitigations until a patch becomes available. Organizations are advised to apply available patches immediately to mitigate the risks.
To further reduce exposure, Moxa advises limiting network accessibility by ensuring devices are not exposed to the internet, restricting SSH access to trusted IP addresses and implementing intrusion detection or prevention systems (IDS/IPS) to monitor for attack attempts.
The vulnerabilities were reported to Moxa under responsible disclosure by security researcher Lars Haulin. Cybersecurity experts have highlighted the importance of timely updates in industrial environments.
“For the moment, this does not appear to be a zero-day vulnerability that’s already being exploited in the wild, and a patch is available,” said Comparitech’s Paul Bischoff.
“However, unlike our cell phones and laptops, industrial equipment isn’t always set up to automatically download and install the latest update. Administrators of the vulnerable routers need to ensure they apply the necessary firmware updates as soon as possible. Considering the industrial environments that Moxa routers are used in, a successful attack could have serious consequences.”
Chris Hauk from Pixel Privacy echoed this sentiment, stressing the importance of proactive patch management to avoid exploitation.
“Cases like this, where a vulnerability exists, but so does an update that can fix the vulnerabilities used by the attack, underscore the need for enterprises to keep close track of updates so they can be installed as soon as possible,” Hauk explained. “Only by keeping track of vulnerabilities and their fixes can organizations keep their systems safer from attack.”
