MUST READ

Aisuru botnet is behind record 20Tb/sec DDoS attacks

 | 

Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät

 | 

Critical ASP.NET flaw hits QNAP NetBak PC Agent

 | 

Ransomware payments hit record low: only 23% Pay in Q3 2025

 | 

X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10

 | 

Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.

 | 

Crafted URLs can trick OpenAI Atlas into running dangerous commands

 | 

Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD

 | 

Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws

 | 

Safepay ransomware group claims the hack of professional video surveillance provider Xortec

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

 | 

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

 | 

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

 | 

U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog

 | 

Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750

 | 

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

 | 

Pwn2Own Day 2: Organizers paid $792K for 56 0-days

 | 

Lazarus targets European defense firms in UAV-themed Operation DreamJob

 | 

U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog

 | 

Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw

 | 

Moxa router flaws pose serious risks to industrial environmets

Pierluigi Paganini January 07, 2025

Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution.

Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances.

Below are the descriptions for both vulnerabilities:

  • CVE-2024-9138 (CVSS 4.0 score: 8.6): This vulnerability involves hard-coded credentials, an authenticated user can trigger the vulnerability to escalate privileges and gain root-level access to the system.
  • CVE-2024-9140: (CVSS 4.0 score: 9.3)An attacker can exploit this vulnerability to bypass input restrictions, potentially leading to unauthorized command execution.

Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected devices include various EDR, NAT, and OnCell series on firmware 3.13.1 and earlier. Immediate action is recommended to prevent exploitation.

The products and firmware versions affected by CVE-2024-9138 are listed below:

Product SeriesAffected Versions
EDR-810 SeriesFirmware version 5.12.37 and earlier
EDR-8010 SeriesFirmware version 3.13.1 and earlier
EDR-G902 SeriesFirmware version 5.7.25 and earlier
EDR-G902 SeriesFirmware version 5.7.25 and earlier
EDR-G9004 SeriesFirmware version 3.13.1 and earlier
EDR-G9010 SeriesFirmware version 3.13.1 and earlier
EDF-G1002-BP SeriesFirmware version 3.13.1 and earlier
NAT-102 SeriesFirmware version 1.0.5 and earlier
OnCell G4302-LTE4 SeriesFirmware version 3.13 and earlier
TN-4900 SeriesFirmware version 3.13 and earlier

The products and firmware versions affected by CVE-2024-9140 are listed below:

Product SeriesAffected Versions
EDR-8010 SeriesFirmware version 3.13.1 and earlier
EDR-G9004 SeriesFirmware version 3.13.1 and earlier
EDR-G9010 SeriesFirmware version 3.13.1 and earlier
EDF-G1002-BP SeriesFirmware version 3.13.1 and earlier
NAT-102 SeriesFirmware version 1.0.5 and earlier
OnCell G4302-LTE4 SeriesFirmware version 3.13 and earlier
TN-4900 SeriesFirmware version 3.13 and earlier

The vendor released the following versions to address the issues:

Product SeriesSolutions
EDR-810 SeriesUpgrade to the firmware version 3.14 or later
EDR-8010 SeriesUpgrade to the firmware version 3.14 or later
EDR-G902 SeriesUpgrade to the firmware version 3.14 or later
EDR-G903 SeriesUpgrade to the firmware version 3.14 or later
EDR-G9004 SeriesUpgrade to the firmware version 3.14 or later
EDR-G9010 SeriesUpgrade to the firmware version 3.14 or later
EDF-G1002-BP SeriesUpgrade to the firmware version 3.14 or later
NAT-102 SeriesAn official patch or firmware update is not currently available for this product. Please refer to the Mitigations section below for recommended measures to address the vulnerability.
OnCell G4302-LTE4 SeriesPlease contact Moxa Technical Support for the security patch
TN-4900 SeriesPlease contact Moxa Technical Support for the security patch

The company recommends that customers protect the devices by minimizing network exposure, limiting SSH access to trusted IPs, and using IDS/IPS to detect and prevent exploitation attempts.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Moxa

you might also like

Pierluigi Paganini October 28, 2025
Aisuru botnet is behind record 20Tb/sec DDoS attacks
Read more
Pierluigi Paganini October 28, 2025
Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Aisuru botnet is behind record 20Tb/sec DDoS attacks

Malware / October 28, 2025

Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät

Cyber Crime / October 28, 2025

Critical ASP.NET flaw hits QNAP NetBak PC Agent

Security / October 28, 2025

Ransomware payments hit record low: only 23% Pay in Q3 2025

Cyber Crime / October 28, 2025

X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10

Security / October 28, 2025