SUMMARY

CVE-2025-0193: Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series

  • Security Advisory ID: MPSA-247733
  • Version: V1.0
  • Release Date: Jan 15, 2025
  • Reference: CVE-2025-0193 (Moxa)

A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are persistently stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions or other impacts, depending on the user's privileges.
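
The root cause described above, shown as an added example that is not Moxa firmware code and not part of the original advisory: a stored login message concatenated into the page as markup, beside the same message HTML-encoded at output time, plus a check for reviewing a stored message. All function names and sample messages are hypothetical and constructed for illustration.

```javascript
// Added example with hypothetical names; not Moxa firmware code.

// Encode the characters that can change parsing context in element
// content or in a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored value is placed into the page as markup.
function renderLoginPageUnsafe(loginMessage) {
  return `<div id="login-message">${loginMessage}</div>`;
}

// Hardened pattern: the stored value is encoded at output time, so the
// browser always treats it as text, whatever was saved.
function renderLoginPageSafe(loginMessage) {
  return `<div id="login-message">${escapeHtml(loginMessage)}</div>`;
}

// Review helper: report markup-like content in a stored message, for
// example when checking a configured banner before a firmware upgrade.
function findActiveMarkup(loginMessage) {
  const findings = [];
  if (/<\s*\/?\s*[a-zA-Z][^>]*>/.test(loginMessage)) findings.push("html-tag");
  if (/\bon[a-z]+\s*=/i.test(loginMessage)) findings.push("event-handler");
  if (/javascript\s*:/i.test(loginMessage)) findings.push("javascript-url");
  return findings;
}

// Constructed sample messages (not taken from any real device).
const SAMPLES = [
  "Authorized users only. Contact ops@example.com for access.",
  "Maintenance <script>document.title='injected'</script>",
];

for (const msg of SAMPLES) {
  console.log(JSON.stringify({
    findings: findActiveMarkup(msg),
    safeHtml: renderLoginPageSafe(msg),
  }));
}
```

Encoding at output is the control that neutralizes the stored value; the review helper only surfaces messages worth a manual look and is not a substitute for it.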


The Identified Vulnerability Type and Potential Impact 

Item  Vulnerability Type  Impact
1  CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2025-0193)  Exploitation of this vulnerability may result in unauthorized actions or other impacts, depending on the user's privileges.

Vulnerability Scoring Details 

ID  CVSS  Vector  Severity  Unauthenticated Remote Exploit
CVE-2025-0193  CVSS 4.0: 5.2  AV:N/AC:H/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H  Medium  No

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are listed below.

Product Series Affected Versions
MGate 5121 Series  Firmware version 1.0 
MGate 5122 Series  Firmware version 1.0 
MGate 5123 Series  Firmware version 1.0 

 

Solutions:

Moxa has developed appropriate solutions to address this vulnerability. The solutions for the affected products are listed below.

Product Series Solutions
MGate 5121 Series  Upgrade to the firmware version 2.0 or later version 
MGate 5122 Series  Upgrade to the firmware version 2.0 or later version 
MGate 5123 Series  Upgrade to the firmware version 2.0 or later version

 

Mitigation:

  • Minimize network exposure to ensure the device is not accessible from the Internet. 
  • Ensure that administrator accounts use strong, unique passwords, and restrict access to trusted personnel only. 

 

Acknowledgement: 

We would like to express our gratitude to Dmitrii Mosichkin for reporting the vulnerability, collaborating with us to enhance the security of our products, and contributing to our efforts to deliver better service to our customers. 

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release January 15, 2025 

Relevant Products

MGate 5121 Series · MGate 5122 Series · MGate 5123 Series
