Moxa, a Taiwan-based company, recently issued a warning about two security vulnerabilities affecting its cellular routers, secure routers, and network security appliances. These vulnerabilities could potentially lead to privilege escalation and unauthorized command execution. The vulnerabilities, CVE-2024-9138 and CVE-2024-9140, were identified by security researcher Lars Haulin.
CVE-2024-9138 is a hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain root-level access, resulting in system compromise or unauthorized modifications. CVE-2024-9140 allows attackers to bypass input restrictions using special characters, potentially leading to unauthorized command execution.
The affected products and firmware versions include a range of devices such as the EDR-810 Series, EDR-G902 Series, EDR-G9004 Series, and others. Moxa has released patches for some of the affected versions, advising users to upgrade to firmware version 3.14 or later for specific devices.
To mitigate the risks associated with these vulnerabilities, users are advised to ensure that devices are not exposed to the internet, restrict SSH access to trusted IP addresses, and implement measures to detect and prevent exploitation attempts.
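The firmware and exposure checks above can be run against a device inventory. The following is an added example, not code from Moxa or the original article. It assumes a hypothetical inventory record format and trusted admin subnet, and it treats 3.14 as the fixed version for the three series named on this page.

```python
import ipaddress

# Assumptions (not from Moxa's advisory): the series below are the three named
# on this page, and 3.14 is treated as the fixed version for all of them.
# Confirm the fixed version for your exact model in the vendor advisory.
AFFECTED_SERIES = ("EDR-810", "EDR-G902", "EDR-G9004")
FIXED_VERSION = (3, 14)
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical admin subnet


def parse_version(text):
    """'3.9' -> (3, 9): compare numerically, because '3.9' > '3.14' as strings."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def ssh_sources_trusted(sources):
    """True only if every allowed SSH source lies inside a trusted network."""
    if not sources:
        return False  # an empty allowlist is treated as SSH open to any source
    nets = [ipaddress.ip_network(s, strict=False) for s in sources]
    return all(any(n.subnet_of(t) for t in TRUSTED_NETS) for n in nets)


def audit(device):
    """Return the list of findings for one inventory record."""
    findings = []
    affected = device["model"].startswith(AFFECTED_SERIES)
    if affected and parse_version(device["firmware"]) < FIXED_VERSION:
        findings.append("firmware below 3.14")
    if device["internet_exposed"]:
        findings.append("management reachable from the internet")
    if not ssh_sources_trusted(device["ssh_allowed_sources"]):
        findings.append("SSH not restricted to trusted addresses")
    return findings


# Constructed inventory records, not real devices.
INVENTORY = [
    {"name": "rtr-a", "model": "EDR-810", "firmware": "3.9",
     "internet_exposed": False, "ssh_allowed_sources": ["10.20.0.5/32"]},
    {"name": "rtr-b", "model": "EDR-G9004", "firmware": "3.14",
     "internet_exposed": True, "ssh_allowed_sources": ["0.0.0.0/0"]},
    {"name": "rtr-c", "model": "EDR-G902", "firmware": "3.14.1",
     "internet_exposed": False, "ssh_allowed_sources": ["10.20.0.0/28"]},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], audit(dev) or "ok")
```

Version strings are compared as integer tuples so that 3.9 is correctly ordered before 3.14.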
