CVE-2025-6950
CVE-2025-6950
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.9EPSS 0.7%KEV nãoPoC —Patch referenciado
Ciclo de vida
17 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H
Produtos afetados
Moxa · EDF-G1002-BP SeriesMoxa · EDR-8010 SeriesMoxa · EDR-G9010 SeriesMoxa · NAT-102 SeriesMoxa · NAT-108 SeriesMoxa · OnCell G4302-LTE4 SeriesMoxa · TN-4900 SeriesQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →