Moxa, a leading provider of industrial networking, computing, and communications equipment, has identified and addressed two vulnerabilities affecting various models of its cellular routers, secure routers, and network security devices. One of the vulnerabilities is classified as critical and enables remote code execution, so Moxa advises users to apply the patches immediately.
Moxa released patches for both vulnerabilities (CVE-2024-9138 and CVE-2024-9140). The first vulnerability, related to hardcoded credentials, allows unauthorized access with elevated privileges on models such as EDR-810 Series, EDR-8010 Series, and EDR-G902 Series. The second, more severe vulnerability lets threat actors exploit insufficient input restrictions, potentially leading to remote execution of arbitrary commands on devices like EDR-G9004 Series, EDR-G9010 Series, and EDF-G1002-BP Series.
Moxa has issued specific patches for the affected models and firmware versions. Certain products, such as MRC-1002 Series, TN-5900 Series, and OnCell 3120-LTE-1 Series, are not affected. For users unable to apply the patches immediately, Moxa has recommended several mitigations, including reducing network exposure, limiting SSH access to trusted networks, and implementing an IDS or IPS for threat detection.
For a complete list of impacted devices and additional information, refer to the provided link. Stay informed and keep your systems secure.