CVE-2024-9140
Published: 03 January 2025
Summary
CVE-2024-9140 is a critical-severity OS Command Injection (CWE-78) vulnerability in Moxa products (vendor inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 27.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-9140 is a critical OS command injection vulnerability (CWE-78) affecting Moxa's cellular routers, secure routers, and network security appliances. The flaw stems from improperly restricted commands, allowing attackers to execute arbitrary operating system commands. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.
Remote attackers require no authentication or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation enables arbitrary code execution, granting high-impact access to confidentiality, integrity, and availability of the affected devices, potentially leading to full control over the routers and appliances.
Moxa has published security advisory MPSA-241155 detailing the privilege escalation and OS command injection vulnerabilities, including affected products and recommended mitigations, available at https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo. Security practitioners should consult this advisory for patching instructions and workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50435
Vulnerability details
Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated OS command injection on public-facing network appliances directly enables T1190 for initial access and arbitrary command execution via T1059.
Mitigating Controls (NIST 800-53 r5)
Directly prevents OS command injection in CVE-2024-9140 by implementing input validation mechanisms at command entry points to block arbitrary command execution.
Mitigates CVE-2024-9140 by enforcing input restrictions at system interfaces, countering improperly restricted commands that allow arbitrary OS execution.
Requires timely flaw remediation for the command injection vulnerability in Moxa's routers and appliances, including patching per vendor advisory MPSA-241155.