Moxa Mxsecurity
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Moxa Mxsecurity.
By the Year
In 2026 there have been 0 vulnerabilities in Moxa Mxsecurity. Last year, in 2025 Mxsecurity had 1 security vulnerability published. Right now, Mxsecurity is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 2 | 7.50 |
| 2023 | 7 | 7.89 |
It may take a day or so for new Mxsecurity vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Moxa Mxsecurity Security Vulnerabilities
Unauth Device Reg in MXsecurity Series via JSON Payload (CVE-2025-9315)
CVE-2025-9315
- December 10, 2025
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON payload to the device's registration endpoint /api/v1/devices/register, allowing the attacker to register unauthorized devices without authentication. Although exploiting this vulnerability has limited modification of data, there is no impact to the confidentiality and availability of the affected device, as well as no loss of confidentiality, integrity, and availability within any subsequent systems.
Mass Assignment
MXsecurity Hard-Coded Credentials Vulnerability (v <= 1.1.0)
CVE-2024-4740
7.5 - High
- October 18, 2024
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
Use of Hard-coded Credentials
Access Restriction Bypass in MXsecurity v1.1.0
CVE-2024-4739
7.5 - High
- October 18, 2024
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.
MXsecurity <1.0.1: Unauth Access via Auth Bypass
CVE-2023-39981
7.5 - High
- September 02, 2023
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.
authentification
SQLi leads to Auth Info Disclosure in MXsecurity < v1.0.1
CVE-2023-39980
8.1 - High
- September 02, 2023
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.
SQL Injection
MXsecurity auth-bypass before 1.0.1 via weak RNG
CVE-2023-39979
9.8 - Critical
- September 02, 2023
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.
Use of Insufficiently Random Values
MXsecurity before 1.0.1: Hardcoded SSH Host Key in SSH Component Enables MITM
CVE-2023-39982
5.9 - Medium
- September 02, 2023
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
Use of Hard-coded Credentials
MXsecurity <1.0.1: Unauth Remote Device Registration via NSM-Web
CVE-2023-39983
5.3 - Medium
- September 02, 2023
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.
Improper Control of Dynamically-Managed Code Resources
MXsecurity 1.0 Hardcoded Credentials: JWT Crafting & Auth Bypass
CVE-2023-33236
9.8 - Critical
- May 22, 2023
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.
Use of Hard-coded Credentials
Command Injection in MXsecurity v1.0 SSH CLI
CVE-2023-33235
8.8 - High
- May 22, 2023
MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Moxa Mxsecurity or by Moxa? Click the Watch button to subscribe.
