- Description
- Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
- Source
- psirt@moxa.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- psirt@moxa.com
- CWE-656
- Hype score
- Not currently trending
🚨 Critical Moxa TN-A/TN-G Switch Flaw (CVE-2024-12297) Enables Remote Auth Bypass on Industrial Networks Moxa disclosed a critical authentication weakness in TN-A/TN-G Ethernet switches where frontend/back-end authorization gaps can be abused (e.g., brute-force and signature
@ThreatSynop
5 Feb 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-12297
@transilienceai
17 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 أصدرت شركة موكسا التايوانية تحديثًا أمنيًا لعلاج ثغرة حرجة في محولات PT، مما يسمح للمهاجمين بتجاوز ضمانات المصادقة. تم تصنيف الثغرة، المعروفة باسم CVE-2024-12297، بدرجة 9.2 من 10 وفقًا لنظام CVSS v4. #الامن_السيبراني https://t.co/aTUEySiCkV
@Cybercachear
11 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Security Vulnerability (CVE-2024-12297) in Moxa PT Switches Allows Unauthorized Access https://t.co/8W4ta1I53Z #cve #vulnerability #CyberAttack https://t.co/0CJ70TVmXD
@threatsbank
11 Mar 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ A critical flaw (CVE-2024-12297) in Moxa PT switches could let attackers bypass authentication, with a CVSS score of 9.2/10. This could lead to unauthorized access or service disruptions. Protect your systems now: https://t.co/f9vsRhqTPj
@TheHackersNews
11 Mar 2025
77118 Impressions
45 Retweets
98 Likes
19 Bookmarks
2 Replies
1 Quote
"⚠️ Vulnerability Alert: Critical Vulnerability in Moxa PT Switches Allows Unauthorized Access 📅 Timeline: Disclosure: 2025-01-15, Patch: Not available yet 📌 Attribution: 🆔cveId: CVE-2024-12297 📊baseScore: 9.2 📏cvssMetrics:… https://t.co/caB69c1sSZ
@syedaquib77
10 Mar 2025
53 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
==== 資安雙週報 (250201) ==== 初一十五除了呷菜喔外 也要關心一下安全圈的消息 - 空殼帳號? - 新創公司的通病? - CVE-2024-7344 bypass bootloader - CVE-2024-12297 bypass auth
@PTTNetSecurity
1 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
4 Replies
0 Quotes
Moxa EDS-508A Series の脆弱性 CVE-2024-12297 (CVSS 9.2) が FIX:パッチ適用前の緩和策も提供 https://t.co/vko6zzWYKt Moxa EDS-508A の脆弱性 CVE-2024-12297 が FIX しました。ご利用のチームは、ご注意ください。Moxa 関連の直近の記事は、2025/01/04 の「Moxa 製品の脆弱性… https://t.co/HPoqC0iGJY
@iototsecnews
29 Jan 2025
70 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Moxa warns of a critical vulnerability (CVE-2024-12297) in EDS-508A Series Ethernet switches, allowing unauthorized access. A patch is available for affected devices. 🔒 #Moxa #NetworkSecurity #Taiwan link: https://t.co/ePsoe0doy8 https://t.co/zfVAdmVfBK
@TweetThreatNews
20 Jan 2025
74 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12297 (CVSS 9.2): Critical Authorization Vulnerability in Moxa EDS-508A Series Learn about the critical vulnerability CVE-2024-12297 affecting Moxa's EDS-508A Series Ethernet switches. Discover the potential risks and how to mitigate them. https://t.co/jKwL6nGNbR
@the_yellow_fall
19 Jan 2025
369 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2024-12297 | Moxa EDS-508A up to 3.11 reliance on security through obscurity) has been published on https://t.co/D5pKpZwbzd
@WolfgangSesin
15 Jan 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes