Moxa Secure Router Improper Ownership Management Vulnerability Allowing Access to Hashed Administrative Passwords

Vulnerability

A vulnerability has been identified in Moxa's Secure Router, related to improper ownership management. This issue allows a low-privileged authenticated user to access a configuration file that contains the hashed password of the administrative account. Exploitation of this vulnerability could lead to the unauthorized retrieval of sensitive information. However, this issue can only be exploited if the configuration file has been exported. The vulnerability does not affect the integrity or availability of the Secure Router, nor does it impact the confidentiality, integrity, or availability of any subsequent systems.

Impact

Successful exploitation allows access to a configuration file containing the hashed password of the administrative account, potentially leading to unauthorized access or privilege escalation.

Remediation

Users can update to firmware version 3.24 or later. For OnCell G4302-LTE4 Series and OnCell G4308-LTE4 Series, please contact Moxa Technical Support for the security patch (v3.24.1).

Added: Apr 27, 2026, 4:22 AM
Updated: Apr 27, 2026, 4:22 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 3.1
remediation: 7.7
relevance: 6.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.