Volerion logoVolerion
Volerion logoVolerion

Moxa Secure Routers, Cellular Routers, and Network Security Appliances Command Injection Vulnerability Leading to Denial-of-Service

Vulnerability

A command injection vulnerability has been identified in multiple Moxa product series, including secure routers, cellular routers, and network security appliances. This vulnerability allows remote attackers with web administrator privileges to execute arbitrary system commands through the NTP settings via the device's web interface. Successful exploitation can cause the device to enter an infinite reboot loop, resulting in a total or partial loss of connectivity for downstream systems that rely on its network services.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device, potentially leading to an infinite reboot loop and disruption of network services for connected downstream systems.

Remediation

Users are advised to upgrade to the latest firmware version available for their specific product series. For some series, the updated firmware can be obtained by contacting Moxa Technical Support.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
8.3
exploitability
5.0
remediation
7.7
relevance
0.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.