
CVE-2024-9140

Severity: Critical · RCE

Published: 03 January 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0072 (73.0th percentile)
Risk Priority: 19 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-9140 is a critical-severity OS Command Injection (CWE-78) vulnerability affecting Moxa products (vendor inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 27.0% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-9140 is a critical OS command injection vulnerability (CWE-78) affecting Moxa's cellular routers, secure routers, and network security appliances. The flaw stems from improperly restricted commands, allowing attackers to execute arbitrary operating system commands. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.

Remote attackers require no authentication or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation enables arbitrary code execution, granting high-impact access to confidentiality, integrity, and availability of the affected devices, potentially leading to full control over the routers and appliances.

Moxa has published security advisory MPSA-241155 detailing the privilege escalation and OS command injection vulnerabilities, including affected products and recommended mitigations, available at https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo. Security practitioners should consult this advisory for patching instructions and workarounds.


Vulnerability details

Moxa's cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system's security and functionality.


Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

Remote unauthenticated OS command injection on public-facing network appliances directly enables T1190 for initial access and arbitrary command execution via T1059.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-60962 (shared CWE-78)
- CVE-2025-23316 (shared CWE-78)
- CVE-2026-30880 (shared CWE-78)
- CVE-2025-64124 (shared CWE-78)
- CVE-2024-58274 (shared CWE-78)
- CVE-2026-34188 (shared CWE-78)
- CVE-2025-0680 (shared CWE-78)
- CVE-2026-5965 (shared CWE-78)
- CVE-2025-50194 (shared CWE-78)
- CVE-2026-44590 (shared CWE-78)

Affected Assets

Moxa (vendor inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

- SI-10 Information Input Validation (prevent): Directly prevents OS command injection in CVE-2024-9140 by implementing input validation mechanisms at command entry points to block arbitrary command execution.
- prevent: Mitigates CVE-2024-9140 by enforcing input restrictions at system interfaces, countering the improperly restricted commands that allow arbitrary OS command execution.
- SI-2 Flaw Remediation (prevent): Requires timely flaw remediation for the command injection vulnerability in Moxa's routers and appliances, including patching per vendor advisory MPSA-241155.
