Moxa CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series
Monitor · 6.9 · MPSA-240930 · Dec 4, 2024
Summary
Moxa VPort 07 series IP cameras are vulnerable to a denial-of-service attack (CVE-2024-9404) in the moxa_cmd service due to insufficient input validation. An unauthenticated attacker on the network can send malformed input to crash or stop the camera service, disrupting video surveillance. All versions of VPort 07 are affected, and no patch is available from Moxa.
What this means
What could happen
An attacker can crash the VPort 07 camera or disrupt video surveillance service without authentication, leaving surveillance gaps in your facility monitoring.
Who's at risk
Water utilities, electric utilities, and any facility using Moxa VPort 07 IP cameras for surveillance of critical infrastructure, pump stations, substations, or control rooms should assess their exposure. This affects all versions of the VPort 07 series.
How it could be exploited
An attacker sends a specially crafted input to the moxa_cmd service on a reachable VPort 07 camera. Because the service does not properly validate this input, it crashes or becomes unresponsive, causing the camera to stop streaming video.
Prerequisites
- Network access to the moxa_cmd service port on the VPort 07 camera
- VPort 07 camera is reachable from the attacker's network location
- No authentication credentials required
Remotely exploitable · No authentication required · Low attack complexity · No patch available · Affects monitoring/safety systems
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
VPort 07 | All versions | No fix yet
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to VPort 07 cameras using a firewall or VLAN; only allow connections from authorized management workstations and monitoring systems.
- WORKAROUND: Disable or isolate the moxa_cmd service if it is no longer used for deployment.
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption.
- HARDENING: Monitor network traffic to the affected cameras for suspicious or malformed input patterns.
Long-term hardening
- HOTFIX: Plan replacement of VPort 07 cameras with a current Moxa model that receives security updates, since no patch is available for this product line.
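
One way to verify the "restrict network access" and "monitor network traffic" items against exported flow records, as an added example that is not part of the original advisory. The camera range, the allowlist and the CSV flow format are assumptions, and the sample records are constructed; the advisory does not give the moxa_cmd port, so the check ignores ports and flags any non-allowlisted source that reaches a camera.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed inventory for illustration; replace with your own addresses.
CAMERAS = [ip_network("10.20.30.0/28")]           # VPort 07 camera range
ALLOWED_SOURCES = [ip_network("10.20.1.10/32"),   # management workstation
                   ip_network("10.20.1.20/32")]   # monitoring / recording system

# Constructed sample flow records (ports are arbitrary), not real traffic.
SAMPLE_FLOWS = """src,dst,dst_port,proto
10.20.1.10,10.20.30.2,443,tcp
10.20.1.20,10.20.30.2,554,tcp
10.50.7.33,10.20.30.2,9999,tcp
192.0.2.44,10.20.30.5,9999,udp
10.20.1.10,10.20.40.9,22,tcp
"""

def in_any(addr, networks):
    return any(addr in net for net in networks)

def unauthorized_flows(flow_csv, cameras=CAMERAS, allowed=ALLOWED_SOURCES):
    """Return flows that reach a camera from a source outside the allowlist."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
        except ValueError:
            # Report unparseable records instead of dropping them silently.
            findings.append({**row, "reason": "unparseable address"})
            continue
        if in_any(dst, cameras) and not in_any(src, allowed):
            findings.append({**row, "reason": "source not in allowlist"})
    return findings

def exposure_by_camera(findings):
    """Group offending sources per camera to prioritise firewall/VLAN fixes."""
    summary = {}
    for f in findings:
        if f["reason"] == "source not in allowlist":
            summary.setdefault(f["dst"], set()).add(f["src"])
    return summary

if __name__ == "__main__":
    report = exposure_by_camera(unauthorized_flows(SAMPLE_FLOWS))
    for cam, sources in report.items():
        print(cam, "reachable from", sorted(sources))
```

Any camera that appears in the output is reachable from outside the intended management path and needs a tighter firewall or VLAN rule.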
CVEs (1)