Home

Description

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information. Exploitation is only possible under a specific condition — when the configuration file has been exported. This vulnerability does not impact the integrity or availability of the affected product, and no confidentiality, integrity, or availability impact to the subsequent system has been identified.

PUBLISHED Reserved 2026-03-10 | Published 2026-04-27 | Updated 2026-04-27 | Assigner Moxa




MEDIUM: 6.0CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-282: Improper Ownership Management

Product status

Default status
unaffected

1.0 (custom)
affected

3.24 (custom)
unaffected

Default status
unaffected

1.0 (custom)
affected

3.24 (custom)
affected

References

www.moxa.com/...improper-handling-of-length-parameter-incons vendor-advisory

cve.org (CVE-2026-3867)

nvd.nist.gov (CVE-2026-3867)

Download JSON