CVE-2025-0415
9.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H
Summary
A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | EDF-G1002-BP Series | 1.0 <= 3.14 | affected |
| Moxa | EDR-810 Series | 1.0 <= 5.12.39 | affected |
| Moxa | EDR-8010 Series | 1.0 <= 3.14 | affected |
| Moxa | EDR-G9004 Series | 1.0 <= 3.14 | affected |
| Moxa | EDR-G9010 Series | 1.0 <= 3.14 | affected |
| Moxa | OnCell G4302-LTE4 Series | 1.0 <= 3.14 | affected |
| Moxa | TN-4900 Series | 1.0 <= 3.14 | affected |
| Moxa | NAT-102 Series | 1.0 <= 3.15 | affected |
Weaknesses
- CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.