Moxa
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Moxa product.
RSS Feeds for Moxa security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Moxa products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Moxa Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 2 vulnerabilities in Moxa. Last year, in 2025 Moxa had 11 security vulnerabilities published. Right now, Moxa is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 0.00 |
| 2025 | 11 | 0.00 |
| 2024 | 9 | 7.86 |
| 2023 | 14 | 8.19 |
| 2022 | 2 | 8.65 |
| 2021 | 5 | 9.24 |
| 2020 | 3 | 7.80 |
| 2019 | 2 | 0.00 |
| 2018 | 9 | 9.19 |
It may take a day or so for new Moxa vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Moxa Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-0715 | Feb 05, 2026 |
Moxa Industrial Linux Bootloader Serial Access DoSMoxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible. |
|
| CVE-2026-0714 | Feb 05, 2026 |
Physical TPM SPI bus attack on Moxa Industrial Linux 3 (LUKS FDE)A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible. |
|
| CVE-2025-15017 | Dec 31, 2025 |
A vulnerability exists in serial device servers where active debug code remains enabled in the UART interfaceA vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified. |
Nport 5000ai M12 Series
Nport 5100 Series
Nport 5100a Series
And others... |
| CVE-2025-2026 | Dec 31, 2025 |
The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026)The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the devices web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated remote attacker with web read-only privileges can exploit the vulnerable API to inject malicious input. Successful exploitation may cause the device to reboot, disrupting normal operations and causing a temporary denial of service. |
|
| CVE-2025-1977 | Dec 31, 2025 |
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977)The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remotely over the network with low-attack complexity and no user interaction but requires specific system conditions or configurations to be present. Successful exploitation may result in changes to device settings that were not intended to be permitted for the affected user role, potentially leading to a high impact on the confidentiality, integrity, and availability of the device. No impact on other systems has been identified. |
|
| CVE-2025-9315 | Dec 10, 2025 |
Unauth Device Reg in MXsecurity Series via JSON Payload (CVE-2025-9315)An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON payload to the device's registration endpoint /api/v1/devices/register, allowing the attacker to register unauthorized devices without authentication. Although exploiting this vulnerability has limited modification of data, there is no impact to the confidentiality and availability of the affected device, as well as no loss of confidentiality, integrity, and availability within any subsequent systems. |
Mxsecurity
|
| CVE-2025-1680 | Oct 23, 2025 |
Host Header Injection in Moxas Ethernet Switches Web UIAn acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxas Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected devices web service. This vulnerability is classified as Host Header Injection, where invalid Host headers can manipulate to redirect users, forge links, or phishing attacks. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of confidentiality, integrity, and availability within any subsequent systems. |
Tn 4500a Series
Tn 5500a Series
Tn G4500 Series
And others... |
| CVE-2025-1679 | Oct 23, 2025 |
Moxas Ethernet Switches: Authenticated XSS in Web InterfaceCross-site Scripting has been identified in Moxas Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected devices web service that could impact authenticated users interacting with the devices web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inject malicious scripts into the system, and the scripts persist across sessions. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of availability within any subsequent systems but has some loss of confidentiality and integrity within the subsequent system. |
Tn 4500a Series
Tn 5500a Series
Tn G4500 Series
And others... |
| CVE-2025-6950 | Oct 17, 2025 |
Hard-Coded JWT Key in Moxas Routers Enables Token Forgery (CVE-2025-6950)An Use of Hard-coded Credentials vulnerability has been identified in Moxas network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems. |
|
| CVE-2025-6949 | Oct 17, 2025 |
Moxas Network Appliance PrivEsc via APIAn Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to existing users. In certain scenarios, this vulnerability could allow an attacker to gain full administrative control over the affected device, leading to potential account impersonation. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems. |
|
| CVE-2025-6894 | Oct 17, 2025 |
Unnecessary Privileges in Moxas API for Ping EscalationAn Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This vulnerability enables the user to perform internal network reconnaissance, potentially discovering internal hosts or services that would otherwise be inaccessible. Repeated exploitation could lead to minor resource consumption. While the overall impact is limited, it may result in some loss of confidentiality and availability on the affected device. There is no impact on the integrity of the device, and the vulnerability does not affect any subsequent systems. |
|
| CVE-2025-6893 | Oct 17, 2025 |
Moxas Appliance /api/v1/setting/data Exec Unnecessary Privilege VULNAn Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows a low-privileged authenticated user to call the API without the required permissions, thereby gaining the ability to access or modify system configuration data. Successful exploitation may lead to privilege escalation, allowing the attacker to access or modify sensitive system settings. While the overall impact is high, there is no loss of confidentiality or integrity within any subsequent systems. |
|
| CVE-2025-6892 | Oct 17, 2025 |
Moxas Network Appliance API Auth Bypass via Incorrect Privilege ContextAn Incorrect Authorization vulnerability has been identified in Moxas network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be exploited after a legitimate user has logged in, as the system fails to properly validate session context or privilege boundaries. An attacker may leverage this flaw to perform unauthorized privileged operations. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems. |
|
| CVE-2024-4739 | Oct 18, 2024 |
Access Restriction Bypass in MXsecurity v1.1.0The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource. |
Mxsecurity
|
| CVE-2024-4740 | Oct 18, 2024 |
MXsecurity Hard-Coded Credentials Vulnerability (v <= 1.1.0)MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. |
Mxsecurity
|
| CVE-2024-9137 | Oct 14, 2024 |
Moxa Service CMD Injection: Auth Bypass Executable Remote CommandsThe affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. |
Edr G9010
Nat 102
Tn 4900
And others... |
| CVE-2024-6786 | Sep 21, 2024 |
MQTT Path Traversal Enabling Arbitrary System File ReadThe vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. |
Mxview One
|
| CVE-2024-6787 | Sep 21, 2024 |
Race Condition Exploit (TOCTOU) Allows Arbitrary File WriteThis vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses. |
Mxview One
|
| CVE-2024-6785 | Sep 21, 2024 |
Cleartext Credential Storage in Config File allows Local Access AbuseThe configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. |
Mxview One
Mxview One Central Manager
|
| CVE-2024-4639 | Jun 25, 2024 |
OnCell G3470A v1.7.7- IPSec Config Unvalidated Input RCEOnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands. |
Oncell G3470a Lte Eu T Firmware
Oncell G3470a Lte Eu Firmware
Oncell G3470a Lte Us T Firmware
And others... |
| CVE-2024-4640 | Jun 25, 2024 |
OnCell G3470A-LTE Series firmware <=1.7.7 Buffer Overflow via Unchecked WriteOnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash. |
Oncell G3470a Lte Eu T Firmware
Oncell G3470a Lte Eu Firmware
Oncell G3470a Lte Us T Firmware
And others... |
| CVE-2024-4641 | Jun 25, 2024 |
OnCell G3470A-LTE Format String Defect V1.7.7 and EarlierOnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service. |
Oncell G3470a Lte Eu T Firmware
Oncell G3470a Lte Eu Firmware
Oncell G3470a Lte Us T Firmware
And others... |
| CVE-2023-39983 | Sep 02, 2023 |
MXsecurity <1.0.1: Unauth Remote Device Registration via NSM-WebA vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application. |
Mxsecurity
|
| CVE-2023-39982 | Sep 02, 2023 |
MXsecurity before 1.0.1: Hardcoded SSH Host Key in SSH Component Enables MITMA vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic. |
Mxsecurity
|
| CVE-2023-39979 | Sep 02, 2023 |
MXsecurity auth-bypass before 1.0.1 via weak RNGThere is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. |
Mxsecurity
|
| CVE-2023-39980 | Sep 02, 2023 |
SQLi leads to Auth Info Disclosure in MXsecurity < v1.0.1A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands. |
Mxsecurity
|
| CVE-2023-39981 | Sep 02, 2023 |
MXsecurity <1.0.1: Unauth Access via Auth BypassA vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker. |
Mxsecurity
|
| CVE-2023-4227 | Aug 24, 2023 |
ioLogik 4000 Series E4200 Unauth Access via Unauth Service - v1.6A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device. |
Iologik E4200 Firmware
|
| CVE-2023-34215 | Aug 17, 2023 |
TN-5900 Series v3.3 and earlier: Command Injection RCETN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices. |
Tn 5900 Firmware
|
| CVE-2023-34213 | Aug 17, 2023 |
TN-5900 firmware v3.3 and prior: Command Injection (CVE-2023-34213)TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. |
Tn 5900 Firmware
|
| CVE-2023-33237 | Aug 17, 2023 |
TN-5900 Series firmware <=v3.3 Improper Auth via Web APITN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors. |
Tn 5900 Firmware
|
| CVE-2023-33236 | May 22, 2023 |
MXsecurity 1.0 Hardcoded Credentials: JWT Crafting & Auth BypassMXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. |
Mxsecurity
|
| CVE-2023-33235 | May 22, 2023 |
Command Injection in MXsecurity v1.0 SSH CLIMXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. |
Mxsecurity
|
| CVE-2022-41313 | Feb 07, 2023 |
Moxa SDS-3008 Web UI XSS (Storage) 2.1A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact" |
|
| CVE-2022-41311 | Feb 07, 2023 |
XSS in Moxa SDS-3008 Series Switch 2.1: arbitrary JS execA stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text" |
|
| CVE-2022-41312 | Feb 07, 2023 |
Moxa SDS-3008 Series XSS in Switch Description (v2.1)A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description" |
|
| CVE-2021-40390 | Apr 14, 2022 |
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. |
Mxview
|
| CVE-2021-40392 | Apr 14, 2022 |
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. |
Mxview
|
| CVE-2021-38452 | Oct 12, 2021 |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 mayA path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. |
Mxview
|
| CVE-2021-38454 | Oct 12, 2021 |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 mayA path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. |
Mxview
|
| CVE-2021-38456 | Oct 12, 2021 |
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 mayA use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords |
Mxview
|
| CVE-2021-38458 | Oct 12, 2021 |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 mayA path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. |
Mxview
|
| CVE-2021-38460 | Oct 12, 2021 |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 mayA path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. |
Mxview
|
| CVE-2020-13537 | Nov 05, 2020 |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installationAn exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run. |
Mxview
|
| CVE-2020-13536 | Nov 05, 2020 |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installationAn exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality. |
Mxview
|
| CVE-2020-8858 | Feb 14, 2020 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552. |
|
| CVE-2015-6458 | Mar 21, 2019 |
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code executionMoxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. |
|
| CVE-2015-6457 | Mar 21, 2019 |
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code executionMoxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. |
|
| CVE-2018-18396 | Oct 19, 2018 |
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. |
Thingspro
|
| CVE-2018-18395 | Oct 19, 2018 |
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. |
Thingspro
|