CVE-2025-1977
Privilege Escalation in NPort 6100/6200-G2 via MCC Tool
Publication date: 2025-12-31
Last updated on: 2025-12-31
Assigner: Moxa Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | nport_6200-g2 | 1.0.0 |
| moxa | nport_6100-g2 | 1.0.0 |
| moxa | nport_6200-g2 | 1.1.0 |
| moxa | nport_6100-g2 | 1.1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-1977 is a vulnerability in the Moxa NPort 6100-G2/6200-G2 Series devices where an authenticated user with only read-only access can exploit the Moxa CLI Configuration (MCC) tool to make unauthorized configuration changes. This happens because the user is granted unnecessary execution privileges. The vulnerability can be exploited remotely over the network with low attack complexity and no user interaction, but it requires certain system conditions or configurations. Successful exploitation can lead to unauthorized changes in device settings, affecting the device's confidentiality, integrity, and availability. [1]
How can this vulnerability impact me?
This vulnerability can allow an authenticated user with read-only access to make unauthorized configuration changes to the affected device. Such changes can compromise the confidentiality, integrity, and availability of the device, potentially disrupting its normal operation or exposing sensitive device settings. However, no impact on other systems beyond the affected device has been identified. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized configuration changes made by users with read-only access via the MCC tool. Network anomaly detection and logging should be implemented to identify suspicious activities. Specific commands are not provided in the resources, but monitoring logs for MCC tool usage and configuration changes is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the device firmware to version 1.1.0 or later, which contains the security patch. If updating is not possible, restrict network access to the devices using firewalls or ACLs, segregate operational networks, disable unused services and ports, enhance authentication with multi-factor authentication (MFA) and role-based access control (RBAC), secure remote access with encrypted protocols such as VPN or SSH, implement anomaly detection and logging, and conduct regular security assessments. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized configuration changes that can impact the confidentiality, integrity, and availability of the affected device. Such impacts could potentially lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of data confidentiality and integrity. However, the provided resources do not explicitly discuss compliance implications or specific effects on regulatory requirements. [1]