PT-2025-42573 · Moxa · Moxa Routers+1
Published
2025-10-16
·
Updated
2025-10-21
·
CVE-2025-6892
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Moxa network security appliances and routers (affected versions not specified)
Description
An issue exists in the API authentication mechanism of Moxa network security appliances and routers. This flaw allows unauthorized access to protected API endpoints, including those used for administrative functions. The issue can be exploited after a legitimate user has logged in, due to a failure to properly validate session context or privilege boundaries. An attacker may be able to perform unauthorized privileged operations. Exploitation can severely impact the confidentiality, integrity, and availability of the affected device. The
API authentication mechanism is the component affected.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Incorrect Authorization
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Moxa Network Security Appliances
Moxa Routers