Moxa NPort 6100-G2/6200-G2 Series Execution with Unnecessary Privileges Vulnerability

A vulnerability allowing execution with unnecessary privileges has been identified in the Moxa NPort 6100-G2/6200-G2 Series. This vulnerability allows an authenticated user with read-only access to make unauthorized configuration changes using the Moxa CLI Configuration (MCC) tool. The issue can be exploited remotely over the network, with low attack complexity and no user interaction required, but it does depend on specific system conditions or configurations. Successful exploitation could lead to unintended changes in device settings for the affected user role, potentially causing significant disruption to the device's normal operations. No impact on other systems has been reported.

Impact

Exploitation of this vulnerability could allow unauthorized configuration changes to be made by users with read-only access, potentially disrupting the device's normal operations and causing a temporary denial-of-service condition.

Remediation

Users are advised to contact Moxa Technical Support for the security patch (version 1.1.0) to address this vulnerability.