Moxa Network Security Appliances and Routers Execution with Unnecessary Privileges Vulnerability Allowing Unauthorized Account Creation

Vulnerability

A vulnerability allowing execution with unnecessary privileges has been identified in Moxa's network security appliances and routers. This critical authorization flaw in the API enables an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to those of existing users. In certain scenarios, this vulnerability could allow an attacker to gain full administrative control over the affected device, leading to potential account impersonation. While successful exploitation can severely impact the affected device's functionality, there is no loss of confidentiality or integrity within any subsequent systems.

Impact

Exploitation of this vulnerability could result in unauthorized administrative access to the affected device, allowing for full control and the ability to impersonate accounts.

Remediation

Users are advised to update to version 3.21 or later. For OnCell G4302-LTE4 Series devices, please contact Moxa Technical Support for the security patch.
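
The flaw described above leaves two visible traces in a device's account list: usernames that appear more than once, and administrator accounts nobody approved. The following check is an added example, not Moxa code or part of the original advisory; it assumes the account list has been exported to CSV with "username" and "role" columns (a constructed layout, not a documented Moxa format) and that the site keeps a baseline of approved administrator names.

```python
import csv
import io
from collections import Counter

# Constructed sample export; the "username,role" layout is an assumption,
# not a documented Moxa format.
SAMPLE_EXPORT = """username,role
admin,administrator
operator1,user
admin,administrator
svc-backup,administrator
Operator1,user
"""

# Administrator accounts the site has approved (constructed baseline).
APPROVED_ADMINS = {"admin"}


def audit_accounts(export_text, approved_admins, admin_role="administrator"):
    """Return (duplicate_usernames, unapproved_admins) found in the export."""
    rows = [
        {k.strip().lower(): (v or "").strip() for k, v in row.items() if k}
        for row in csv.DictReader(io.StringIO(export_text))
    ]
    # Names are compared case-insensitively (a choice made for this example)
    # so that "Operator1" and "operator1" are reported as colliding.
    counts = Counter(r["username"].casefold() for r in rows)
    duplicates = sorted(name for name, n in counts.items() if n > 1)

    # A second "admin" passes a name-only baseline check, which is why the
    # duplicate check above is reported separately from this one.
    approved = {a.casefold() for a in approved_admins}
    unapproved = sorted({
        r["username"].casefold()
        for r in rows
        if r["role"].casefold() == admin_role
        and r["username"].casefold() not in approved
    })
    return duplicates, unapproved


if __name__ == "__main__":
    dups, extra = audit_accounts(SAMPLE_EXPORT, APPROVED_ADMINS)
    print("duplicate usernames:", dups)
    print("administrator accounts outside baseline:", extra)
```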

Added: Oct 17, 2025, 4:18 AM
Updated: Oct 17, 2025, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.