Moxa Routers: Hardcoded Credentials Allow Attackers Full Access

Patches close several vulnerabilities in Moxa's security appliances and routers. So far, there is no indication of attacks.

Network administrators should update their Moxa security appliances and routers to the latest version promptly. Failure to do so could allow attackers to exploit several security vulnerabilities and fully compromise devices.

In a security advisory, the developers state that they have closed a total of five vulnerabilities. Three of them (CVE-2025-6950, CVE-2025-6949, CVE-2025-6893) are classified as “critical.” If attackers successfully exploit these vulnerabilities, they can, for example, generate valid tokens because of a static key and thus log in as any user. They can then take over devices completely with extensive privileges.

In another case, attackers with low user privileges can create administrator accounts and thus compromise systems. Another attack also requires the attacker to be authenticated. If that is the case, an error in access control lets them alter system and configuration data.

Due to an error in the authentication API (CVE-2025-6892, “high”), attackers can access endpoints with administrative privileges. However, a legitimate user must already be logged in before an attack.

The affected product series are the EDR-G9010 Series, EDR-8010 Series, EDF-G1002-BP Series, TN-4900 Series, NAT-102 Series, NAT-108 Series, and OnCell G4302-LTE4 Series. So far, there are no reports of attackers exploiting the vulnerabilities. Moxa nevertheless advises owners of affected devices to update promptly to version v3.21, which is protected against the attacks described.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.