CVE-2026-3867

MEDIUM

Moxa EDR-8010 Series <3.23 - Info Disclosure

Title source: llm

Description

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information. Exploitation is only possible under a specific condition — when the configuration file has been exported. This vulnerability does not impact the integrity or availability of the affected product, and no confidentiality, integrity, or availability impact to the subsequent system has been identified.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261521-cve-2026-3867-cve-2026-3868-improper-ownership-management-and-improper-handling-of-length-parameter-incons

Scores

CVSS v4 6.0

EPSS 0.0004

EPSS Percentile 13.3%

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-282

Status published

Products (4)

Moxa/EDR-8010 Series 1.0 - 3.23

Moxa/EDR-8010 Series 3.24

Moxa/EDR-G9010 Series 1.0 - 3.23.1

Moxa/EDR-G9010 Series 3.24

Published Apr 27, 2026

Tracked Since Apr 27, 2026