Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.
The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.