Moxa Network Security Appliances and Routers Execution with Unnecessary Privileges Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability allowing execution with unnecessary privileges has been identified in Moxa's network security appliances and routers. This issue arises from broken access control in the '/api/v1/setting/data' endpoint, where low-privileged authenticated users can access or modify system configuration data without the required permissions. Successful exploitation of this vulnerability may lead to privilege escalation, allowing unauthorized access to sensitive system settings. While the overall impact is high, there is no loss of confidentiality or integrity within any subsequent systems.

Impact

Exploitation of this vulnerability could result in unauthorized access to or modification of sensitive system configuration data, potentially leading to further privilege escalation on the affected device.

Remediation

Users are advised to update to version 3.21 or later. For the OnCell G4302-LTE4 Series, please contact Moxa Technical Support for the security patch.
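A way to review logs for the behaviour described above, as an added example that is not taken from the advisory or from Moxa: it flags non-administrator sessions that reached '/api/v1/setting/data' and separates successful reads, successful modifications and denied attempts. The log format, role names, user names and the rule that any method other than GET or HEAD counts as a modification are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

ENDPOINT = "/api/v1/setting/data"   # endpoint named in the advisory
ADMIN_ROLES = {"admin"}             # assumption: role names are site-specific

# Constructed audit-log lines in a hypothetical format (not a Moxa log format):
# timestamp user role method path status
SAMPLE_LOG = """\
2025-10-17T03:01:10Z alice admin GET /api/v1/setting/data 200
2025-10-17T03:02:44Z bob user GET /api/v1/setting/data 200
2025-10-17T03:02:51Z bob user POST /api/v1/setting/data 200
2025-10-17T03:03:05Z carol guest GET /api/v1/setting/data?x=1 403
2025-10-17T03:04:19Z bob user GET /api/v1/status 200
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<role>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

def find_unauthorized_setting_access(log_text):
    """Return {user: {"read": n, "modify": n, "denied": n}} for non-admin
    requests to the settings endpoint. Unparseable lines are skipped."""
    findings = defaultdict(lambda: {"read": 0, "modify": 0, "denied": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Compare the path without query string or trailing slash.
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path != ENDPOINT or m["role"].lower() in ADMIN_ROLES:
            continue
        if 200 <= int(m["status"]) < 300:
            # A 2xx answer to a low-privileged session is the behaviour
            # the advisory describes as broken access control.
            kind = "read" if m["method"] in ("GET", "HEAD") else "modify"
        else:
            kind = "denied"
        findings[m["user"]][kind] += 1
    return {user: dict(counts) for user, counts in findings.items()}

if __name__ == "__main__":
    for user, counts in find_unauthorized_setting_access(SAMPLE_LOG).items():
        print(user, counts)
```

Successful "modify" hits from a non-administrator account warrant a configuration review on that device even after the update is applied.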

Added: Oct 17, 2025, 3:18 AM
Updated: Oct 17, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.