CyberSecurity updates
2025-01-08 13:45:48 Pacific

Moxa Routers Face Critical Vulnerabilities - 19h

Moxa has identified two critical security vulnerabilities in its cellular routers, secure routers, and network security appliances. The first vulnerability, CVE-2024-9138, involves hard-coded credentials that could allow authenticated users to escalate their privileges to root-level access, enabling system compromise, unauthorized modifications, data exposure, and service disruptions. The second flaw is CVE-2024-9140. Both have a CVSS score of 9.8. Moxa is urging users to apply immediate updates to mitigate these risks.

Four-Faith Router Flaw Enables Remote Attacks - 8d

A critical vulnerability, CVE-2024-12856, has been discovered in Four-Faith routers, models F3x24 and F3x36, allowing for remote code execution. The vulnerability, located in the /apply.cgi endpoint, can be exploited by manipulating the adj_time_year parameter. This flaw allows attackers to gain reverse shells on vulnerable devices, potentially leading to malware installation, data theft, and significant network disruptions. Over 15,000 devices with default credentials have been identified as being at high risk, emphasizing the urgent need for remediation.

Threat actors are actively exploiting this vulnerability to gain unauthorized access. Users of Four-Faith routers are strongly advised to update their devices to the latest firmware and implement strong password policies immediately. The vulnerability poses a serious threat to industrial networks and critical infrastructure relying on these devices.
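
A defensive check for the endpoint and parameter named above, as an added example that is not part of the original page or of any vendor code: it flags captured HTTP requests to /apply.cgi whose adj_time_year value is not a plain four-digit year. The four-digit shape of a legitimate value, the sample requests, the `other` field and the host name router.example are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate adj_time_year is exactly four ASCII digits.
YEAR_RE = re.compile(r"[0-9]{4}")

def check_request(raw: str):
    """Classify one raw HTTP request (as text): returns (verdict, reason)."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) < 2:
        return ("ignore", "unparseable request line")
    url = urlsplit(parts[1])
    if url.path.rstrip("/") != "/apply.cgi":
        return ("ignore", "different endpoint")
    # The parameter may arrive in the query string or in the form body.
    params = parse_qs(url.query, keep_blank_values=True)
    for key, vals in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(vals)
    values = params.get("adj_time_year")
    if values is None:
        return ("ok", "adj_time_year not present")
    bad = [v for v in values if not YEAR_RE.fullmatch(v)]
    if bad:
        return ("alert", f"adj_time_year is not a 4-digit year: {bad[0]!r}")
    return ("ok", "adj_time_year well-formed")

def scan(requests):
    """Return the (index, reason) of every request that raised an alert."""
    hits = []
    for i, raw in enumerate(requests):
        verdict, reason = check_request(raw)
        if verdict == "alert":
            hits.append((i, reason))
    return hits

# Constructed sample requests (not captured traffic).
HDR = "Host: router.example\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
BENIGN = "POST /apply.cgi HTTP/1.1\r\n" + HDR + "adj_time_year=2025&other=1"
MANIPULATED = "POST /apply.cgi HTTP/1.1\r\n" + HDR + "adj_time_year=CONSTRUCTED_NON_NUMERIC"
UNRELATED = "GET /index.html HTTP/1.1\r\nHost: router.example\r\n\r\n"

if __name__ == "__main__":
    for idx, why in scan([BENIGN, MANIPULATED, UNRELATED]):
        print(f"request {idx}: {why}")
```

The same allowlist logic can sit in a reverse proxy or WAF rule in front of the management interface until firmware is updated.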