CVE-2024-9138

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-656
View all →

Vulnerability Description

Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.

Related Vulnerabilities

CVE-2020-10277

MEDIUM
CVSS:6.4(Medium)

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually addin...

CWE-6562020

CVE-2020-10284

CRITICAL
CVSS:9.1(Critical)

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1...

CWE-6562020

CVE-2025-41652

CRITICAL
CVSS:9.8(Critical)

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to ...

CWE-6562025

CVE-2020-10286

CRITICAL
CVSS:9.4(Critical)

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible file...

CWE-6562020

CVE-2020-10284

CRITICAL
CVSS:9.1(Critical)

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1...

CWE-6562020

CVE-2020-10277

MEDIUM
CVSS:6.4(Medium)

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually addin...

CWE-6562020