CVE-2024-9138

high

Description

Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.

References

Advisories
References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo

https://thehackernews.com/2025/03/moxa-issues-fix-for-critical.html

https://hackread.com/moxa-reports-critical-industrial-router-vulnerabilities/

https://thehackernews.com/2025/01/moxa-alerts-users-to-high-severity.html

https://www.bleepingcomputer.com/news/security/vulnerable-moxa-devices-expose-industrial-networks-to-attacks/

https://cyberscoop.com/industrial-networking-manufacturer-moxa-reports-critical-router-bugs/

Details

Source: Mitre, NVD

Published: 2025-01-03

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.6

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00064