Skip to main content

Moxa Secure Router CVE-2026-3867

| EUVDEUVD-2026-25756 MEDIUM
Improper Ownership Management (CWE-282)
2026-04-27 psirt@moxa.com
6.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Apr 27, 2026 - 04:30 vuln.today
EUVD ID Assigned
Apr 27, 2026 - 04:22 euvd
EUVD-2026-25756
Analysis Generated
Apr 27, 2026 - 04:22 vuln.today
CVE Published
Apr 27, 2026 - 04:16 nvd
MEDIUM 6.0

DescriptionCVE.org

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information. Exploitation is only possible under a specific condition - when the configuration file has been exported. This vulnerability does not impact the integrity or availability of the affected product, and no confidentiality, integrity, or availability impact to the subsequent system has been identified.

AnalysisAI

Improper ownership management in Moxa Secure Router allows low-privileged authenticated users to access exported configuration files containing hashed administrative passwords, enabling credential disclosure. The vulnerability is confined to scenarios where configuration files have been exported and requires valid user credentials to exploit; no impact to system integrity or availability has been identified.

Technical ContextAI

The vulnerability stems from CWE-282 (Improper Ownership Management), where file permissions or access controls on exported configuration artifacts do not adequately restrict access based on user privilege levels. The Secure Router's configuration export function generates files containing sensitive material, including hashed administrative credentials. The root cause involves insufficient access control checks that fail to prevent low-privileged authenticated users from reading these exported files. This is a common pattern in network appliances where configuration backups are generated with overly permissive default ownership or permissions, allowing lateral privilege escalation through credential compromise.

RemediationAI

Apply the vendor-released patch from Moxa MPSA-261521 to affected Secure Router instances. The primary mitigation is firmware/software update to the patched version specified in the advisory. As interim compensating controls, restrict file system access to configuration export directories using operating system-level ACLs to prevent low-privileged users from reading exported configuration files; audit and securely delete any exported configuration files not in active use, particularly those containing sensitive credentials; implement file-level encryption for exported configurations; and monitor access logs for unauthorized reads of configuration files. Additionally, enforce strong access controls limiting which users can export configuration data in the first place, as this directly reduces the window of exposure.

Share

CVE-2026-3867 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy