Critical severity9.4NVD Advisory· Published Oct 14, 2024· Updated Apr 15, 2026

CVE-2024-9137

Description

The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliancesnvd
www.moxa.com/en/support/product-support/security-advisory/mpsa-241156-cve-2024-9137-missing-authentication-vulnerability-in-ethernet-switchesnvd

News mentions

No linked articles in our index yet.

cvss	0.611
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000