Moxa CVE-2024-9404: Denial-of-Service Vulnerability Identified in the VPort 07-3 Series

MonitorCVSS 6.9MPSA-240930Dec 4, 2024

Moxa

Summary

CVE-2024-9404 is a denial-of-service vulnerability affecting Moxa VPort 07 IP cameras. The moxa_cmd service, used for device deployment and management, does not properly validate input (CWE-1287). An unauthenticated remote attacker can send malformed input to crash the service, causing the camera to go offline and stop streaming video. The vulnerability is remotely exploitable over the network with no authentication or user interaction required. Moxa has not announced a patch; all versions of the VPort 07 are affected.

What this means

What could happen

An attacker can remotely crash the Moxa VPort camera by sending malformed input to the moxa_cmd service, interrupting video surveillance and potentially leaving blind spots in security monitoring systems. This affects any facility relying on these cameras for facility monitoring, perimeter surveillance, or incident recording.

Who's at risk

Water utilities, power plants, and municipal facilities using Moxa VPort 07 series IP cameras for surveillance, facility monitoring, or physical security systems. Any organization with these cameras exposed to untrusted networks faces denial-of-service risk to their video surveillance infrastructure.

How it could be exploited

An attacker sends specially crafted input to the moxa_cmd service running on the VPort 07 camera. The service lacks proper input validation and crashes in response, causing the camera to go offline and stop streaming video. No authentication is required if the camera is reachable over the network.

Prerequisites

Network access to the moxa_cmd service port on the VPort 07 camera
Camera exposed to untrusted networks or internet (no firewall segmentation)

remotely exploitableno authentication requiredlow complexityno patch availableaffects surveillance/monitoring systems

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

the VPort 07All versionsNo fix yet

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate affected Moxa VPort 07 cameras from the internet and untrusted networks using network segmentation or firewall rules. Restrict access to the moxa_cmd service port to only authorized management networks.

WORKAROUNDIf cameras must remain internet-facing, deploy a reverse proxy or WAF rule that filters malformed requests to the moxa_cmd service.

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Moxa security advisories for a firmware patch. Contact Moxa support to confirm patch availability timeline for CVE-2024-9404.

HARDENINGImplement network monitoring and alerting on unexpected crashes or loss of video feed from VPort 07 cameras to detect exploitation attempts.

CVEs (1)

CVE-2024-9404

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1b6138d9-cbf4-4945-933f-d5cfa4fa0a88

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.