Moxa Nat-108 Series vulnerabilities

5 known vulnerabilities affecting moxa/nat-108_series.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-6950CRITICALCVSS 9.9≥ 1.0, ≤ 3.162025-10-17
CVE-2025-6950 [CRITICAL] CWE-798 CVE-2025-6950: An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security applia An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and im
cvelistv5nvd
CVE-2025-6949CRITICALCVSS 9.3≥ 1.0, ≤ 3.162025-10-17
CVE-2025-6949 [CRITICAL] CWE-250 CVE-2025-6949: An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network securit An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, including accounts with usernames identical to existing users. In certain scenarios, this vulnerabil
cvelistv5nvd
CVE-2025-6893CRITICALCVSS 9.3≥ 1.0, ≤ 3.162025-10-17
CVE-2025-6893 [CRITICAL] CWE-250 CVE-2025-6893: An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network securit An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows a low-privileged authenticated user to call the API without the required permissions, thereby g
cvelistv5nvd
CVE-2025-6892HIGHCVSS 8.7≥ 1.0, ≤ 3.162025-10-17
CVE-2025-6892 [HIGH] CWE-863 CVE-2025-6892: An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances a An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be exploited after a legitimate user has logged in, as the system f
cvelistv5nvd
CVE-2025-6894MEDIUMCVSS 5.3≥ 1.0, ≤ 3.162025-10-17
CVE-2025-6894 [MEDIUM] CWE-250 CVE-2025-6894: An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network securit An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping` function, which is restricted to higher-privileged roles. This vulnerability enables
cvelistv5nvd