CVE-2024-9404

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-9404
This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches
Configurations

No configuration.

History

20 Feb 2025, 02:15

Type Values Removed Values Added
References
  • () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240933-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-pt-switches -

07 Feb 2025, 07:15

Type Values Removed Values Added
References
  • () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240931-cve-2024-9404-denial-of-service-vulnerability-identified-in-multiple-eds,-ics,-iks,-and-sds-switches -
Summary
  • (es) Moxa’s IP Cameras se ven afectadas por una vulnerabilidad de gravedad media, CVE-2024-9404, que podría provocar una condición de denegación de servicio o provocar un bloqueo del servicio. Esta vulnerabilidad permite a los atacantes explotar el servicio Moxa, comúnmente conocido como moxa_cmd, originalmente diseñado para la implementación. Debido a una validación de entrada insuficiente, este servicio puede ser manipulado para activar una denegación de servicio. Esta vulnerabilidad plantea una amenaza remota significativa si los productos afectados se exponen a redes de acceso público. Los atacantes podrían interrumpir las operaciones apagando los sistemas afectados. Debido a la naturaleza crítica de este riesgo de seguridad, recomendamos encarecidamente tomar medidas inmediatas para evitar una posible explotación.
Summary (en) Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation. (en) This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat, potentially allowing attackers to shut down affected systems.
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : 7.5

04 Dec 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-04 04:15

Updated : 2025-02-20 02:15

NVD link : CVE-2024-9404

Mitre link : CVE-2024-9404

CVE.ORG link : CVE-2024-9404

JSON object : View

Products Affected

No product.

CWE
CWE-1287

Improper Validation of Specified Type of Input