CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-12297

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00151/1

CVE-2024-12297 describes an authentication bypass vulnerability in Moxa Ethernet switches. Exploiting flaws in the authorization mechanism, attackers can potentially compromise the security of the device. This vulnerability allows for brute-force attacks to guess credentials or MD5 collision attacks to forge authentication hashes. With a SOCRadar Vulnerability Risk Score (SVRS) of 30, while not critical, this vulnerability should still be monitored as it indicates a potential risk. The authentication bypass could lead to unauthorized access and control over the Moxa Ethernet switch. This can disrupt network operations and expose sensitive data. Although the CVSS score is 0, the SVRS highlights that there is a risk associated with this vulnerability that requires attention.

TAGS
In The Wild
Vendor-advisory
VECTOR STRING
PUBLICATION DATE2025-01-15
LAST MODIFIED2025-03-06
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-12297 affects Moxa's Ethernet switch EDS-508A Series running firmware version 3.11 and earlier. This vulnerability arises from an authentication bypass flaw in the device's authorization mechanism. While both client-side and back-end server verification are implemented, attackers can exploit weaknesses in their implementation. This vulnerability allows attackers to potentially bypass authentication through brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, compromising the device's security.

SVRS: The SOCRadar Vulnerability Risk Score (SVRS) for CVE-2024-12297 is 46. While this score is below the critical threshold of 80, it still signifies a moderate vulnerability, highlighting the need for prompt attention and mitigation efforts.

Key Insights

  • Authentication Bypass: The vulnerability allows attackers to bypass authentication mechanisms implemented in the Moxa EDS-508A Series switches, potentially compromising the device's security.
  • Brute-Force Attacks and MD5 Collision Attacks: Attackers can leverage brute-force attacks to guess valid credentials or exploit MD5 hash vulnerabilities to forge authentication hashes, enabling unauthorized access.
  • Active Exploitation: The vulnerability is actively exploited in the wild, indicating that attackers are actively targeting vulnerable devices.
  • Wide Impact: The vulnerability affects Moxa's EDS-508A Series switches running firmware version 3.11 and earlier, potentially impacting a large number of devices.

Mitigation Strategies

  • Firmware Update: Immediately update the firmware of affected Moxa EDS-508A Series switches to a version that addresses CVE-2024-12297.
  • Strong Passwords: Enforce strong passwords for all user accounts and change the default administrative password.
  • Multi-Factor Authentication (MFA): Implement MFA for all user accounts to enhance security and prevent unauthorized access.
  • Network Segmentation: Segment the network to isolate vulnerable devices and limit the impact of potential breaches.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Ajit Jasrotia2025-03-17
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More | From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source repositories […] The post ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor
allhackernews.com
rss
forum
news
Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
Ajit Jasrotia2025-03-11
Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches | Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. &#8220;Multiple Moxa PT switches are vulnerable to an [&#8230;] The post Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches<
allhackernews.com
rss
forum
news
SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;
Dr. Johannes B. Ullrich2025-03-11
SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln; | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln; Shellcode Encoded in UUIDs Attackers are using UUIDs to encode Shellcode. The 128 Bit (or 16 Bytes) encoded in each UUID are converted to shell code to implement a cobalt strike beacon https://
sans.edu
rss
forum
news
Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access
Guru Baran2025-03-10
Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access | A critical security flaw in Moxa’s PT series industrial Ethernet switches enables attackers to bypass authentication mechanisms and compromise device integrity.&#160; Tracked as CVE-2024-12297, this vulnerability (CVSS 4.0: 9.2) affects nine PT switch models and stems from weaknesses in the authorization logic implementation despite layered client-side and server-side verification protocols. Researchers warn that exploitation could [&#8230;] The post Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access
cybersecuritynews.com
rss
forum
news
CVE-2024-12297 | Moxa EDS-508A up to 3.11 reliance on security through obscurity
vuldb.com2025-03-06
CVE-2024-12297 | Moxa EDS-508A up to 3.11 reliance on security through obscurity | A vulnerability, which was classified as critical, was found in Moxa EDS-508A up to 3.11. This affects an unknown part. The manipulation leads to reliance on security through obscurity. This vulnerability is uniquely identified as CVE-2024-12297. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
rss
forum
news

Social Media

Actively exploited CVE : CVE-2024-12297
1
0
0
Moxa's PT switches have a critical auth bypass flaw (CVE-2024-12297) with a 9.2 CVSS score! 🚨 Patch now to prevent brute-force attacks &amp; hash forgery. Stay secure! #CyberSecurity #IoT #TechNews #Vulnerability
0
0
0
Critical Security Vulnerability (CVE-2024-12297) in Moxa PT Switches Allows Unauthorized Access https://t.co/8W4ta1I53Z #cve #vulnerability #CyberAttack https://t.co/0CJ70TVmXD
0
0
0
⚠️ A critical flaw (CVE-2024-12297) in Moxa PT switches could let attackers bypass authentication, with a CVSS score of 9.2/10. This could lead to unauthorized access or service disruptions. Protect your systems now: https://t.co/f9vsRhqTPj
0
0
8
⚠️ A critical flaw (CVE-2024-12297) in Moxa PT switches could let attackers bypass authentication, with a CVSS score of 9.2/10. This could lead to unauthorized access or service disruptions. Protect your systems now: https://t.co/90MW57lFxY... https://t.co/EfAQXokAOY
0
0
0
Critical Vulnerability in Moxa PT Switches Allows Unauthorized Access Learn about CVE-2024-12297 and how it affects Moxa PT switches. Understand the risks and implications of this critical vulnerability. https://t.co/TY3Hd6y5Sj
0
0
0
Moxa, La faille critique CVE-2024-12297 pourrait provoquer un Contournement des politiques de sécurité dans certaines Séries PT. https://t.co/aiC9VzSQQP
0
0
0
Warning: Critical Authentication Bypass in #Moxa Ethernet switch EDS-508A Series with firmware &lt;= 3.11. #CVE-2024-12297 CVSS: 9.2. This can lead to unauthorized access to the device or the network it is attached to! Time to #Patch #Patch #Patch
0
0
1
CVE-2024-12297 (CVSS 9.2): Critical Authorization Vulnerability in Moxa EDS-508A Series Learn about the critical vulnerability CVE-2024-12297 affecting Moxa's EDS-508A Series Ethernet switches. Discover the potential risks and how to mitigate them. https://t.co/jKwL6nGNbR
0
0
1
🗣 CVE-2024-12297 (CVSS 9.2): Critical Authorization Vulnerability in Moxa EDS-508A Series https://t.co/6F4maF9JCp
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series
[email protected]https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series
[email protected]https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches

CWE Details

CWE IDCWE NameDescription
CWE-656Reliance on Security Through ObscurityThe software uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence