Is V1222 Ct T Firmware affected by CVE-2026-0714?

CVE-2026-0714 presents notable security risk rated CVSS 6.8. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2026-0714

MEDIUM

2026-02-05 [email protected]

6.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 05, 2026 - 17:16 nvd

MEDIUM 6.8

Tags

Linux V1222 Ct T Firmware Uc 3430a T Lte Wifi Firmware Uc 8220 T Lx Firmware Uc 4414a I T Firmware Uc 3424a T Lte Firmware V2406c Wl7 T Firmware V2406c Wl7 Ct T Firmware V2406c Kl7 Ct T Firmware Uc 8210 T Lx S Firmware V2406c Wl1 Ct T Firmware Uc 8220 T Lx Eu S Firmware Uc 2222a T Firmware V1202 Ct T Firmware Uc 2222a T Eu Firmware V2406c Kl1 Ct T Firmware Uc 1222a Firmware Uc 4434a I T Firmware Uc 8220 T Lx Ap S Firmware Uc 8220 T Lx Us S Firmware Uc 2222a T Ap Firmware V2406c Kl1 T Firmware V1222 W Ct T Firmware Uc 4410a T Firmware V2406c Wl5 T Firmware V2406c Wl3 T Firmware V2406c Kl7 T Firmware Uc 3434a T Lte Wifi Firmware Uc 4430a T Firmware Uc 4450a T 5g Firmware V2406c Kl3 T Firmware V2406c Kl5 T Firmware V2406c Wl1 T Firmware Uc 3420a T Lte Firmware Uc 2222a T Us Firmware Uc 4454a T 5g Firmware

Description

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data may allow offline decryption of eMMC contents. This attack cannot be performed through brief or opportunistic physical access and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis. Remote exploitation is not possible.

Analysis

TPM-backed LUKS encryption bypass in Moxa Industrial Linux 3 on select industrial computers allows an attacker with invasive physical access to the SPI bus to intercept TPM communications and decrypt eMMC storage contents offline. This attack requires opening the device and connecting specialized equipment for extended signal capture, making it impractical for opportunistic access scenarios. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +34

POC: 0

CVE-2026-0714 vulnerability details – vuln.today

Back

CVE-2026-0714

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code