Home

Description

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remotely over the network with low-attack complexity and no user interaction but requires specific system conditions or configurations to be present. Successful exploitation may result in changes to device settings that were not intended to be permitted for the affected user role, potentially leading to a high impact on the confidentiality, integrity, and availability of the device. No impact on other systems has been identified.

PUBLISHED Reserved 2025-03-05 | Published 2025-12-31 | Updated 2025-12-31 | Assigner Moxa




HIGH: 7.7CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-250: Execution with Unnecessary Privileges

Product status

Default status
unaffected

1.0.0 (custom)
affected

1.1.0 (custom)
unaffected

Credits

Paxon SP Lin finder

References

www.moxa.com/...nerabilities-in-nport-6100-g2-6200-g2-series vendor-advisory

cve.org (CVE-2025-1977)

nvd.nist.gov (CVE-2025-1977)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.