CVE-2026-3868

HIGH

Moxa EDR-8010 Series < 3.23 - Buffer Overflow

Title source: rule

Description

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive. Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation. While successful exploitation can severely impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.

References (1)

[Vendor Advisory] https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261521-cve-2026-3867-cve-2026-3868-improper-ownership-management-and-improper-handling-of-length-parameter-incons

Scores

CVSS v4 8.7

EPSS 0.0009

EPSS Percentile 24.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-130

Status published

Products (4)

Moxa/EDR-8010 Series 1.0 - 3.23

Moxa/EDR-8010 Series 3.24

Moxa/EDR-G9010 Series 1.0 - 3.23.1

Moxa/EDR-G9010 Series 3.24

Published Apr 27, 2026

Tracked Since Apr 27, 2026