Introduction
Researcher Lars Haulin has reported two vulnerabilities affecting multiple Moxa devices, such as routers and network security appliances, one of which is of critical severity. Exploiting these vulnerabilities could allow an attacker to inject operating system commands. [1]
Analysis
The critical vulnerability found is as follows:
CVE-2024-9140 – Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") (CWE-78): This vulnerability allows operating system command injection because the commands the device executes are not properly restricted, potentially enabling attackers to execute arbitrary code. This poses a significant risk to system security and functionality.
The following firmware versions and earlier are affected, for each product set:
- 1.0.5:
  - NAT-102.
- 3.13.1:
  - EDR-8010;
  - EDR-G9004;
  - EDR-G9010;
  - EDF-G1002-BP.
- 3.13:
  - OnCell G4302-LTE4;
  - TN-4900.
Recommendations
- Update the firmware to version 3.14 or later for the following products:
  - EDR-8010;
  - EDR-G9004;
  - EDR-G9010;
  - EDF-G1002-BP.
- No official firmware patch is available for the NAT-102 product; refer to the mitigation section on the webpage included in the references.
- Contact Moxa technical support to obtain the security patch for the following products:
  - OnCell G4302-LTE4;
  - TN-4900.
References