cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9137,https://securityvulnerability.io/vulnerability/CVE-2024-9137,Unauthorized Access to Configuration Files and System Compromise via Lack of Authentication Check,"An authentication check vulnerability exists in Moxa routers and network security appliances when commands are sent to the server via the Moxa service. This flaw enables attackers to execute predefined commands remotely, which may lead to unauthorized upload or download of configuration files, posing significant risks to system integrity and security. Without proper authentication mechanisms in place, the likelihood of exploitation increases, potentially compromising sensitive data and system functionality.",Moxa,"Edr-8010 Series,Edr-g9004 Series,Edr-g9010 Series,Edf-g1002-bp Series,Nat-102 Series,Oncell G4302-lte4 Series,Tn-4900 Series,Eds-608 Series,Eds-611 Series,Eds-616 Series,Eds-619 Series,Eds-405a Series,Eds-408a Series,Eds-505a Series,Eds-508a Series,Eds-510a Series,Eds-516a Series,Eds-518a Series,Eds-g509 Series,Eds-p510 Series,Eds-p510a Series,Eds-510e Series,Eds-518e Series,Eds-528e Series,Eds-g508e Series,Eds-g512e Series,Eds-g516e Series,Eds-p506e Series,Ics-g7526a Series,Ics-g7528a Series,Ics-g7748a Series,Ics-g7750a Series,Ics-g7752a Series,Ics-g7826a Series,Ics-g7828a Series,Ics-g7848a Series,Ics-g7850a Series,Ics-g7852a Series,Iks-g6524a Series,Iks-6726a Series,Iks-6728a Series,Iks-g6824a Series,Sds-3006 Series,Sds-3008 Series,Sds-3010 Series,Sds-3016 Series,Sds-g3006 Series,Sds-g3008 Series,Sds-g3010 Series,Sds-g3016 Series,Pt-7728 Series,Pt-7828 Series,Pt-g503 Series,Pt-g510 Series,Pt-g7728 Series,Pt-g7828 Series,Tn-4500a Series,Tn-5500a Series,Tn-g4500 Series,Tn-g6500 Series",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-14T09:15:00.000Z,0
CVE-2024-9139,https://securityvulnerability.io/vulnerability/CVE-2024-9139,Bug Bounty Platform Vulnerability Allows Arbitrary Code Execution,"The vulnerability allows for OS command injection due to improperly restricted commands in Moxa's network security appliances. This oversight permits attackers to execute arbitrary code on the affected systems, potentially compromising the integrity and availability of services. Attack vectors may involve sending specially crafted inputs that the application erroneously processes, leading to unauthorized command execution. Organizations utilizing Moxa routers and network security appliances should address this vulnerability promptly to mitigate risks associated with potential exploitation.",Moxa,"Edr-8010 Series,Edr-g9004 Series,Edr-g9010 Series,Edf-g1002-bp Series,Nat-102 Series,Oncell G4302-lte4 Series,Tn-4900 Series,Edr-810 Series",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-14T09:15:00.000Z,0
CVE-2023-34216,https://securityvulnerability.io/vulnerability/CVE-2023-34216,Second Order Command-injection Vulnerability in the Key-delete Function,"The Moxa TN-4900 and TN-5900 Series firmware prior to specified versions contain a command injection vulnerability linked to insufficient input validation in the key-delete function. This flaw allows unauthorized users to execute arbitrary commands, which could result in the deletion of any file on the affected system. Users are advised to upgrade to the latest firmware versions to mitigate potential risks.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",8.1,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-08-17T07:15:00.000Z,0
CVE-2023-34217,https://securityvulnerability.io/vulnerability/CVE-2023-34217,Second Order Command-injection Vulnerability in the Certificate-delete Function,"The TN-4900 and TN-5900 Series firmware prior to version v1.2.4 and v3.3 respectively are affected by a command-injection vulnerability due to inadequate input validation in the certificate-delete function. This flaw allows malicious actors to potentially delete arbitrary files from the affected devices, posing a significant risk to the integrity and functionality of the systems.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",8.1,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-08-17T07:15:00.000Z,0
CVE-2023-33238,https://securityvulnerability.io/vulnerability/CVE-2023-33238,Command-injection Vulnerability in Certificate Management,"The TN-4900 and TN-5900 Series firmware from Moxa contains a command injection vulnerability due to insufficient input validation within the certificate management function. This flaw allows attackers to potentially execute arbitrary commands remotely on the affected devices, posing significant security risks that could compromise device integrity and data confidentiality.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-810 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",9.8,CRITICAL,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-08-17T03:15:00.000Z,0
CVE-2023-33239,https://securityvulnerability.io/vulnerability/CVE-2023-33239,Second Order Command-injection Vulnerability in the Key-generation Function,"The TN-4900 and TN-5900 Series firmware from Moxa is susceptible to a command injection vulnerability due to inadequate input validation in the key-generation process. Malicious users can exploit this weakness to execute arbitrary commands remotely, posing significant risks to the affected devices' integrity and security.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-810 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",9.8,CRITICAL,0.0015999999595806003,false,,false,false,false,,,false,false,,2023-08-17T03:15:00.000Z,0