CVE-2026-3867

Summary

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information. Exploitation is only possible under a specific condition — when the configuration file has been exported. This vulnerability does not impact the integrity or availability of the affected product, and no confidentiality, integrity, or availability impact to the subsequent system has been identified.

Affected Software

VendorProductVersion RangeStatus
MoxaEDR-8010 Series1.0 <= 3.23affected
MoxaEDR-8010 Series3.24unaffected
MoxaEDR-G9010 Series1.0 <= 3.23.1affected
MoxaEDR-G9010 Series3.24affected

Weaknesses

  • CWE-282: CWE-282: Improper Ownership Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References