We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-9404

Denial-of-Service Vulnerability Identified in the VPort 07-3 Series



Description

Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation.

Reserved 2024-10-01 | Published 2024-12-04 | Updated 2024-12-04 | Assigner Moxa


MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

The vulnerability causes only the network server service (HTTPS on port 443) to restart. This does not affect the main functionality of the product. After an automatic restart, the service resumes normal operation without disruption to core functions.

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

The vulnerability causes only the network server service (HTTPS on port 443) to restart. This does not affect the main functionality of the product. After an automatic restart, the service resumes normal operation without disruption to core functions.

Problem types

CWE-1287: Improper Validation of Specified Type of Input

Product status

Default status
unaffected

1.0
affected

Credits

YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com) from Moxa's cybersecurity testing team finder

References

www.moxa.com/...rability-identified-in-the-vport-07-3-series vendor-advisory

cve.org (CVE-2024-9404)

nvd.nist.gov (CVE-2024-9404)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-9404

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.