High-Severity Flaws in Moxa Secure Routers Allow Remote DoS
Moxa has released a security advisory addressing two newly disclosed vulnerabilities in its Secure Router and cellular gateway product lines.
Released on April 27, 2026, the advisory covers a high-severity buffer overflow and a medium-severity improper ownership management flaw.
If exploited, these vulnerabilities could allow attackers to knock the web management service offline or recover the hashed password of the administrative account.
Securing these industrial edge devices is critical, as they frequently bridge the gap between enterprise IT and operational technology networks.
High-Severity Denial of Service
The more severe of the two flaws is CVE-2026-3868, rated 8.7 under CVSS 4.0. It stems from improper handling of length parameter inconsistencies in the HTTPS management interface of affected devices.
An unauthenticated remote attacker can send specially crafted requests to the management interface to trigger a buffer overflow that crashes the web service and leaves it unresponsive.
Because exploitation requires no authentication, the flaw is a significant threat in industrial environments that depend on continuous uptime.
Successful exploitation produces a complete denial-of-service condition, and a manual device reboot is needed to restore normal operation.
Unplanned downtime in these environments can quickly turn into severe operational disruption. The impact is limited to availability, however: Moxa's advisory states that the flaw does not affect data confidentiality or integrity.
Credential Exposure via Privilege Abuse
The second vulnerability, tracked as CVE-2026-3867 with a CVSS 4.0 score of 6.0, is an improper ownership management issue that requires prior authentication.
A low-privileged user who has already authenticated to the router can use it to read a sensitive configuration file. Exploitation is conditional: the file is only reachable if a system administrator has previously exported it.
A successful attacker obtains the hashed password of the administrative account, which opens the way to privilege escalation if the attacker has the resources to crack the hash offline.
The flaw affects confidentiality only; the advisory lists no direct impact on integrity or availability. Administrators who find that an exported configuration file was reachable by low-privileged accounts should rotate the administrative password after patching, since a captured hash remains useful to an attacker until it is.
Affected Devices and Patch
Several industrial networking product lines are affected. Administrators should verify the firmware version running on each device and apply the updates below.
- TN-4900 Series users must update to firmware v3.24 or later.
- EDR-8010 and EDR-G9010 Series environments require firmware v3.24 or later.
- EDF-G1002-BP Series systems should be updated to firmware v3.24 or later.
- OnCell G4302-LTE4 and G4308-LTE4 Series administrators must contact Moxa Technical Support directly to obtain security patch v3.24.1.
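The version check above is easy to get wrong in an inventory script, because a plain string comparison ranks "3.9" above "3.24" and because the OnCell models need v3.24.1 from support rather than the public v3.24. The following is an added example, not Moxa's code or tooling: it encodes the product-to-fixed-version table as listed on this page and evaluates a constructed inventory against it numerically. The hostnames, the running versions and the unlisted model name are all invented for illustration.

```python
"""Firmware compliance check for the Moxa advisory discussed above.

Added example, not Moxa's code. The product/fixed-version table is taken
from the advisory as summarised on this page; the inventory is constructed.
"""
import re

# Fixed versions per product line, as listed on this page. The OnCell
# models need a support-supplied patch rather than a public download.
FIXED_VERSIONS = {
    "TN-4900": ("3.24", False),
    "EDR-8010": ("3.24", False),
    "EDR-G9010": ("3.24", False),
    "EDF-G1002-BP": ("3.24", False),
    "OnCell G4302-LTE4": ("3.24.1", True),
    "OnCell G4308-LTE4": ("3.24.1", True),
}


def parse_version(text):
    """Turn 'v3.9' or '3.24.1' into a tuple of ints so comparison is numeric.

    A plain string comparison would rank '3.9' above '3.24', which is the
    mistake that makes a vulnerable device look patched.
    """
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def assess(model, firmware):
    """Return 'patched', 'vulnerable' or 'unknown-model'.

    Models not in the advisory table are reported separately rather than
    silently treated as safe.
    """
    entry = FIXED_VERSIONS.get(model)
    if entry is None:
        return "unknown-model"
    fixed, _ = entry
    return "patched" if parse_version(firmware) >= parse_version(fixed) else "vulnerable"


def remediation(model):
    """Action text for a vulnerable device, mirroring the advisory's wording."""
    fixed, via_support = FIXED_VERSIONS[model]
    if via_support:
        return f"contact Moxa Technical Support for security patch v{fixed}"
    return f"update to firmware v{fixed} or later"


# Constructed inventory (hostname, model, running firmware); not real devices.
INVENTORY = [
    ("edge-rtr-01", "EDR-G9010", "v3.9"),
    ("edge-rtr-02", "EDR-G9010", "v3.24"),
    ("cell-gw-01", "OnCell G4302-LTE4", "3.24"),      # public 3.24 is not enough here
    ("cell-gw-02", "OnCell G4308-LTE4", "3.24.1"),
    ("ring-sw-07", "TN-4900", "v3.24.2"),
    ("legacy-box", "UNLISTED-MODEL", "5.12"),         # hypothetical model, not in the advisory
]


def report(inventory=INVENTORY):
    """Return (hostname, status, action) rows for every device in the inventory."""
    rows = []
    for host, model, fw in inventory:
        status = assess(model, fw)
        action = remediation(model) if status == "vulnerable" else "-"
        rows.append((host, status, action))
    return rows


if __name__ == "__main__":
    for host, status, action in report():
        print(f"{host:12} {status:14} {action}")
```

Note that cell-gw-01 is reported as vulnerable even though it runs 3.24: on the OnCell series the fix is 3.24.1, so a check keyed on "3.24" alone would pass a device the advisory still considers exposed.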
Mitigation
For organizations unable to deploy the firmware updates immediately, the Moxa advisory recommends defense-in-depth measures to reduce the attack surface.
Keeping management interfaces off public-facing networks is the first step, since it removes the unauthenticated remote path that CVE-2026-3868 depends on.
- Deploy firewalls and access control lists to restrict device communication to trusted IP addresses only.
- Segregate operational networks from enterprise networks using VLANs or strict physical separation.
- Disable unused network services and avoid exposing edge devices directly to the public internet.
- Enforce multi-factor authentication and route all remote access through encrypted channels such as VPNs.
- Enable detailed event logging to closely monitor network traffic for anomalous behavior and unauthorized access attempts.
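The first and last items in this list fit together: the allowlist that a firewall or ACL enforces is also the baseline that logs should be checked against. Below is an added example, not from Moxa or the advisory, that applies a trusted-management-subnet allowlist to connection records and flags every connection that reached a router's HTTPS management port from anywhere else. The line format (`src=… dst=… dport=…`), the subnets, the router addresses and the log lines are all constructed for this example; Moxa's actual log format is not shown on this page.

```python
"""Management-plane exposure check for the mitigations listed above.

Added example, not Moxa's code. Applies a trusted-subnet allowlist (the ACL)
to constructed connection records and flags HTTPS management access from
untrusted sources. The record format is hypothetical.
"""
import ipaddress
import re
from collections import Counter

# Constructed allowlist: the only networks permitted to reach management ports.
TRUSTED_MGMT = [
    ipaddress.ip_network("10.20.0.0/24"),   # OT jump-host segment
    ipaddress.ip_network("10.20.1.5/32"),   # single monitoring server
]
# Constructed management addresses of the edge routers being protected.
ROUTER_MGMT_IPS = {
    ipaddress.ip_address("192.168.100.1"),
    ipaddress.ip_address("192.168.100.2"),
}
MGMT_PORT = 443  # HTTPS management interface, the surface CVE-2026-3868 targets

# Constructed sample records. Every line is ACCEPT, i.e. the firewall let it
# through; the check below shows which of those acceptances violate the ACL.
SAMPLE_LOG = """\
2026-04-28T09:00:01Z ACCEPT src=10.20.0.15 dst=192.168.100.1 dport=443
2026-04-28T09:00:07Z ACCEPT src=10.20.1.5 dst=192.168.100.2 dport=443
2026-04-28T09:01:12Z ACCEPT src=203.0.113.77 dst=192.168.100.1 dport=443
2026-04-28T09:01:12Z ACCEPT src=203.0.113.77 dst=192.168.100.1 dport=443
2026-04-28T09:01:13Z ACCEPT src=203.0.113.77 dst=192.168.100.1 dport=443
2026-04-28T09:02:40Z ACCEPT src=10.30.4.9 dst=192.168.100.1 dport=443
2026-04-28T09:03:00Z ACCEPT src=10.20.0.15 dst=192.168.100.1 dport=22
2026-04-28T09:04:10Z ACCEPT src=198.51.100.8 dst=192.168.50.9 dport=443
"""

LINE_RE = re.compile(r"^(\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+)$")


def is_trusted(src):
    """True if the source address falls inside any allowlisted network."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in TRUSTED_MGMT)


def parse(log_text):
    """Yield (timestamp, action, src, dst, dport) for each well-formed record."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the whole run
        ts, action, src, dst, dport = m.groups()
        yield ts, action, src, ipaddress.ip_address(dst), int(dport)


def untrusted_mgmt_access(log_text=SAMPLE_LOG):
    """Return (timestamp, src, dst) for HTTPS hits on a router from outside the allowlist.

    A private source address is not a trusted one: 10.30.4.9 below is internal
    but not on the management allowlist, so it is reported too.
    """
    hits = []
    for ts, action, src, dst, dport in parse(log_text):
        if dst in ROUTER_MGMT_IPS and dport == MGMT_PORT and not is_trusted(src):
            hits.append((ts, src, str(dst)))
    return hits


def summarize(hits):
    """Count flagged connections per source so repeated probing stands out."""
    return Counter(src for _, src, _ in hits)


if __name__ == "__main__":
    flagged = untrusted_mgmt_access()
    for ts, src, dst in flagged:
        print(f"{ts} untrusted source {src} reached {dst}:{MGMT_PORT}")
    print(summarize(flagged))
```

Connection records cannot show whether a request carried the malformed length that triggers the overflow, so this is an exposure check rather than an exploit detector: every flagged line is a connection the firewall should have dropped, and each distinct source in the summary is an ACL gap to close.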