Moxa MXsecurity Series Unauthenticated Device Registration Vulnerability

Vulnerability

A vulnerability allowing unauthenticated device registration has been identified in the Moxa MXsecurity Series, in software versions through 2.3.0. This vulnerability arises from improperly controlled modifications of dynamically-determined object attributes. An unauthenticated remote attacker can exploit this issue by sending a specially crafted JSON payload to the device's registration endpoint, /api/v1/devices/register. This exploitation allows the registration of unauthorized devices without authentication. While the vulnerability enables limited data modification, it does not affect the confidentiality or availability of the impacted device or any subsequent systems.
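
The weakness class named above (improperly controlled modification of dynamically-determined object attributes, often called mass assignment) is shown below next to an allowlist-based fix. This is an added example, not Moxa's code and not part of the advisory. The Device class, its attribute names, the function names and the sample JSON bodies are all hypothetical.

```python
import json

class Device:
    """Hypothetical server-side record; attribute names are assumptions."""
    def __init__(self):
        self.serial = None
        self.model = None
        self.registered = False  # server-owned: set only after authorization

def bind_unsafe(device, body):
    """Weak pattern: every key in the request JSON becomes an object attribute."""
    for key, value in json.loads(body).items():
        setattr(device, key, value)
    return device

CLIENT_FIELDS = {"serial": str, "model": str}  # the only client-settable attributes

def bind_safe(device, body):
    """Allowlist binding: unknown or server-owned keys reject the whole request."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    unexpected = set(data) - set(CLIENT_FIELDS)
    if unexpected:
        raise ValueError("unexpected attributes: " + ", ".join(sorted(unexpected)))
    for key, expected_type in CLIENT_FIELDS.items():
        if key not in data or not isinstance(data[key], expected_type):
            raise ValueError("missing or invalid field: " + key)
        setattr(device, key, data[key])
    return device

def register(device, body, authenticated):
    """Registration state is decided by the server after an auth check, never by the payload."""
    if not authenticated:
        raise PermissionError("authentication required")
    bind_safe(device, body)
    device.registered = True
    return device

# Constructed sample request bodies (not captured traffic)
BENIGN = '{"serial": "SN-0001", "model": "example-model"}'
CRAFTED = '{"serial": "SN-0002", "model": "example-model", "registered": true}'
```

With the weak binder the constructed body flips a server-owned attribute; with the allowlist binder the same body is rejected before any attribute is written.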

Impact

Exploitation of this vulnerability allows for the unauthorized registration of devices, potentially leading to unauthorized access or control over those devices.

Remediation

Users are advised to update to version 2.3.1 or later. The update can be downloaded from the Moxa Software Licensing System.

Added: Dec 10, 2025, 9:17 AM
Updated: Dec 10, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.