CVE-2024-9139 HIGH

CVE-2024-9139: OS Command Injection in Restricted Command

Vendor Moxa

Product EDR-8010 Series

Weakness CWE-78

Published October 14, 2024

Last update November 6, 2024

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.

Key dates

02Disclosure timeline

October 14, 2024 CVE published

November 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-9139

Related vulnerabilities

Identifiers

CVE CVE-2024-9139

CWE CWE-78

CVSS 8.6 / HIGH

Affected versions

Vendor Moxa

Product EDR-8010 Series

Affected ≥ 1.0 and ≤ 3.12.1

Vendor Moxa

Product EDR-G9004 Series

Affected ≥ 1.0 and ≤ 3.12.1

Vendor Moxa

Product EDR-G9010 Series

Affected ≥ 1.0 and ≤ 3.12.1

Vendor Moxa

Product EDF-G1002-BP Series

Affected ≥ 1.0 and ≤ 3.12.1

Vendor Moxa

Product NAT-102 Series

Affected ≥ 1.0 and ≤ 1.0.5

Vendor Moxa

Product OnCell G4302-LTE4 Series

Affected ≥ 1.0 and ≤ 3.9

Vendor Moxa

Product TN-4900 Series

Affected ≥ 1.0 and ≤ 3.6

Vendor Moxa

Product EDR-810 Series

Affected ≥ 1.0 and ≤ 5.12.33

CVE-2024-9139: OS Command Injection in Restricted Command

01Description

02Disclosure timeline

03References

04Related CVE