SUMMARY

CVE-2025-1977, CVE-2025-2026: Multiple Vulnerabilities in NPort 6100-G2/6200-G2 Series

This security advisory addresses two vulnerabilities identified in NPort 6100-G2/6200-G2 Series.

CVE-2025-1977

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remotely over the network with low attack complexity and no user interaction, but requires specific system conditions or configurations to be present. Successful exploitation may result in changes to device settings that were not intended to be permitted for the affected user role, potentially leading to a high impact on the confidentiality, integrity, and availability of the device. No impact on other systems has been identified.

CVE-2025-2026

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition.

Since these issues have high severity, we strongly advise users to immediately apply the solutions to mitigate associated security risks.
 

The Identified Vulnerability Type and Potential Impact

CVE ID | Vulnerability Type | Impact
CVE-2025-1977 | CWE-250: Execution with Unnecessary Privileges | CAPEC-122: Privilege Abuse
CVE-2025-2026 | CWE-170: Improper Null Termination | An authenticated remote attacker with web read-only privileges can exploit the vulnerable API to inject malicious input. Successful exploitation may cause the device to reboot, disrupting normal operations and causing a temporary denial of service.

Vulnerability Scoring Details 

CVE ID | Base Score | Vector | Severity | Unauthenticated Remote Exploits
CVE-2025-1977 | CVSS 4.0: 7.7 | AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | High | No
CVE-2025-2026 | CVSS 4.0: 7.1 | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | High | No

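
The two vectors in the scoring table can be decoded mechanically to see why both issues require a login and why only CVE-2025-1977 depends on preconditions. The following is an added example, not part of Moxa's advisory; it validates CVSS 4.0 base metrics only, and the names parse_vector and triage are this example's own.

```python
# Added example: CVSS v4.0 base-vector parser for advisory triage (values per the FIRST spec).
BASE_METRICS = {
    "AV": "NALP",  # Attack Vector: Network, Adjacent, Local, Physical
    "AC": "LH",    # Attack Complexity: Low, High
    "AT": "NP",    # Attack Requirements: None, Present
    "PR": "NLH",   # Privileges Required: None, Low, High
    "UI": "NPA",   # User Interaction: None, Passive, Active
    "VC": "HLN", "VI": "HLN", "VA": "HLN",  # impact on the vulnerable system
    "SC": "HLN", "SI": "HLN", "SA": "HLN",  # impact on subsequent systems
}

def parse_vector(vector):
    """Return {metric: value}; raise ValueError on malformed input."""
    parts = [p for p in vector.strip().split("/") if p]
    if parts and parts[0].startswith("CVSS:"):
        if parts.pop(0) != "CVSS:4.0":  # optional prefix, absent in the advisory
            raise ValueError("not a CVSS 4.0 vector")
    metrics = {}
    for part in parts:
        name, sep, value = part.partition(":")
        if not sep or name not in BASE_METRICS:
            raise ValueError("unknown metric: " + part)
        if name in metrics:
            raise ValueError("duplicate metric: " + name)
        if len(value) != 1 or value not in BASE_METRICS[name]:
            raise ValueError("invalid value: " + part)
        metrics[name] = value
    missing = [m for m in BASE_METRICS if m not in metrics]
    if missing:
        raise ValueError("missing base metrics: " + ",".join(missing))
    return metrics

def triage(vector):
    m = parse_vector(vector)
    return {
        "network_reachable": m["AV"] == "N",
        "needs_login": m["PR"] != "N",
        "needs_preconditions": m["AT"] == "P",
        "device_impact": [k for k in ("VC", "VI", "VA") if m[k] == "H"],
        "spreads_to_other_systems": any(m[k] != "N" for k in ("SC", "SI", "SA")),
    }

# Vectors as printed in the advisory's scoring table.
ADVISORY = {
    "CVE-2025-1977": "AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
    "CVE-2025-2026": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
}
for cve, vec in ADVISORY.items():
    print(cve, triage(vec))
```
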
AFFECTED PRODUCTS AND SOLUTIONS

Solutions

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are listed in the following table:

Product Series | Affected Versions | Solutions
NPort 6100-G2/6200-G2 Series | Firmware v1.0.0 | Please contact Moxa Technical Support for the security patch (v1.1.0)

 

Mitigations

For users who may not be able to perform a firmware update, we recommend the following measures as an alternative to reduce the risk associated with the vulnerabilities.

  • Refer to the General Security Recommendations section to further strengthen your security context.

 

General Security Recommendations

To safeguard devices and networks, we recommend implementing the following recommendations to mitigate potential risks:

  1. Restrict Network Access
    • Use firewalls or access control lists (ACLs) to limit communication to trusted IP addresses and networks.
    • Segregate operational networks from other networks (e.g., enterprise networks) using VLANs or physical separation.
  2. Minimize Exposure
    • Avoid exposing devices directly to the Internet.
    • Disable unused network services and ports to reduce the attack surface.
  3. Enhance Device Authentication and Access Control
    • Implement multi-factor authentication (MFA) for accessing critical systems.
    • Use role-based access control (RBAC) to enforce the principle of least privilege.
  4. Regularly Update Firmware and Software
    • Keep devices updated with the latest firmware versions and security patches.
    • Establish a regular patch management schedule to address newly identified vulnerabilities.
  5. Secure Remote Access
    • Use encrypted communication protocols (e.g., VPN, SSH) for remote access.
    • Restrict remote access to authorized personnel only and enforce strong authentication mechanisms.
  6. Implement Anomaly Detection Techniques
    • Monitor network traffic and device behavior for unusual or unauthorized activities.
    • Use tools or techniques that can identify anomalies and provide alerts for potential threats.
  7. Implement Logging and Monitoring
    • Enable event logging and maintain audit trails on devices.
    • Regularly review logs for anomalies and unauthorized access attempts.
  8. Conduct Regular Security Assessments
    • Perform vulnerability assessments to identify potential risks.
    • Regularly review device configurations to ensure compliance with security policies.

 

Acknowledgement

We would like to express our gratitude to Paxon SP Lin (CVE-2025-1977) and Cory YH Tseng (CVE-2025-2026) from Moxa Inc. for reporting the vulnerabilities, collaborating with us to enhance the security of our products, and contributing to our efforts to deliver better service to our customers. 

 

Revision History:

VERSION | DESCRIPTION | RELEASE DATE
1.0 | First release | December 31, 2025

Relevant Products

NPort 6100-G2/6200-G2 Series
