CVE-2024-9404 Vulnerability Details

  /     /     /  

CVE-2024-9404 Metadata Quick Info

CVE Published: 04/12/2024 | CVE Updated: 04/12/2024 | CVE Year: 2024
Source: Moxa | Vendor: Moxa | Product: VPort 07-3 Series
Status : PUBLISHED

---

CVE-2024-9404 Description

Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1287
CWE Name: CWE-1287: Improper Validation of Specified Type of Input
Source: Moxa

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-6
CAPEC Description: CAPEC-6: Argument Injection


Source: NVD (National Vulnerability Database).