CVE-2024-9137 HIGH

CVE-2024-9137: Moxa Service Missing Authentication for Critical Function

Vendor Moxa
Product EDR-8010 Series
Weakness CWE-306 · Missing auth
Published October 14, 2024
Last update September 19, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

Key dates

02Disclosure timeline

October 14, 2024 CVE published
September 19, 2025 Record updated