PT-2025-1189 · Moxa · Mgate 5121/5122/5123 Series
Dmitry Mosichkin · Published 2025-01-15 · Updated 2026-05-10 · CVE-2025-0193
CVSS v4.0: 5.2 Medium
| Vector | AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
MGate 5121/5122/5123 Series firmware version v1.0
Description
A stored Cross-site Scripting (XSS) vulnerability exists due to insufficient sanitization and encoding of user input in the Login Message functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are persistently stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions or other impacts, depending on the user's privileges.
Recommendations
For MGate 5121/5122/5123 Series firmware version v1.0, consider disabling the Login Message functionality until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the login page to minimize the risk of unauthorized actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
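The weakness class named in the description, missing encoding of a stored login message, is illustrated below as an added example; it is not Moxa firmware code and not part of the advisory. The function names, the `login-msg` element id and both sample banners are assumptions constructed for illustration. It puts the unencoded rendering pattern beside an encoded one and adds a check that can be run over a configured banner value.

```javascript
// Added example, not Moxa firmware code. All names below are assumptions.

// Encode the characters that are significant in HTML element content
// and in quoted attribute values. Single pass, so nothing is double-encoded.
function encodeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pattern behind a stored XSS: the saved value is concatenated into the page as-is.
function renderUnsafe(message) {
  return '<div id="login-msg">' + message + '</div>';
}

// Hardened form: the saved value is encoded for the HTML context at output time.
function renderSafe(message) {
  return '<div id="login-msg">' + encodeHtml(message) + '</div>';
}

// Audit check for a configured banner: true if the text contains something a
// browser would parse as a tag, comment or declaration when left unencoded.
function containsMarkup(message) {
  return /<[\/!?a-zA-Z]/.test(String(message));
}

// Constructed sample values (not taken from any device).
const PLAIN_BANNER = 'Authorized use only. Contact ops & security at ext. 4 < 5 pm.';
const MARKUP_BANNER = 'Maintenance tonight <script>document.title = "changed"</script>';

// Run both samples through the audit check and both renderers.
function demo() {
  return [PLAIN_BANNER, MARKUP_BANNER].map((m) => ({
    flagged: containsMarkup(m),
    unsafe: renderUnsafe(m),
    safe: renderSafe(m),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

The plain banner contains `&` and `<` but is not flagged, because neither starts a tag; encoding at output still renders both characters correctly.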
Weakness Enumeration
Related Identifiers
Affected Products
Mgate 5121/5122/5123 Series