Moxa EDR-G9010
- <v3.21
An incorrect authorization vulnerability has been identified in Moxa's network security appliances and routers. A defect in the API authentication process permits unauthorized access to protected API endpoints, including those designated for administrative tasks. The vulnerability can be exploited after a legitimate user has logged in, because the system does not adequately verify session context or privilege boundaries. An attacker could use this flaw to execute unauthorized privileged operations. Successful exploitation can significantly affect the confidentiality, integrity, and availability of the affected device, but it does not compromise confidentiality or integrity in any subsequent systems.
Exploitation of this vulnerability can lead to unauthorized privileged operations on the affected device, severely impacting its confidentiality, integrity, and availability. However, there is no loss of confidentiality or integrity within any subsequent systems.
Users are advised to update to version 3.21 or later. For the OnCell G4302-LTE4 Series, please contact Moxa Technical Support for the security patch.