Moxa Products Command Injection Vulnerability Leading to Privilege Escalation

Vulnerability

A command injection vulnerability has been identified in tcpdump within multiple Moxa product series, including secure routers, cellular routers, and network security appliances. This vulnerability allows an authenticated attacker with console access to exploit improper input validation, injecting and executing system commands. Successful exploitation could lead to privilege escalation, granting root access and allowing persistent control over the device. This could disrupt network services and impact the availability of downstream systems reliant on the device's connectivity.

Impact

Exploitation of this vulnerability could result in unauthorized command execution, privilege escalation to root, and disruption of network services, affecting connected systems that rely on the compromised device for connectivity.

Remediation

Users are advised to upgrade to the latest firmware version. Specific upgrade instructions can be found in the Moxa Security Advisory MPSA-259491.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 3.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.