CVE-2026-0715
Unknown Unknown - Not Provided
Bootloader Access Vulnerability in Moxa Industrial Linux Devices

Publication date: 2026-02-05

Last updated on: 2026-02-18

Assigner: Moxa Inc.

Description
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu does not allow full system takeover or privilege escalation. The bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. As a result, an attacker cannot install malicious firmware or execute arbitrary code. The primary impact is limited to a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0715
EUVD
EUVD-2026-5532
Affected Vendors & Products
Showing 35 associated CPEs
Vendor Product Version / Range
moxa uc-1222a_firmware to 1.4 (inc)
moxa uc-2222a-t-us_firmware to 1.4 (inc)
moxa uc-2222a-t_firmware to 1.4 (inc)
moxa uc-2222a-t-ap_firmware to 1.4 (inc)
moxa uc-2222a-t-eu_firmware to 1.4 (inc)
moxa uc-3434a-t-lte-wifi_firmware to 1.2 (inc)
moxa uc-3424a-t-lte_firmware to 1.2 (inc)
moxa uc-3420a-t-lte_firmware to 1.2 (inc)
moxa uc-3430a-t-lte-wifi_firmware to 1.2 (inc)
moxa uc-4450a-t-5g_firmware to 1.3 (inc)
moxa uc-4434a-i-t_firmware to 1.3 (inc)
moxa uc-4410a-t_firmware to 1.3 (inc)
moxa uc-4454a-t-5g_firmware to 1.3 (inc)
moxa uc-4414a-i-t_firmware to 1.3 (inc)
moxa uc-4430a-t_firmware to 1.3 (inc)
moxa uc-8210-t-lx-s_firmware to 1.5 (inc)
moxa uc-8220-t-lx-eu-s_firmware to 1.5 (inc)
moxa uc-8220-t-lx-ap-s_firmware to 1.5 (inc)
moxa uc-8220-t-lx-us-s_firmware to 1.5 (inc)
moxa uc-8220-t-lx_firmware to 1.5 (inc)
moxa v1202-ct-t_firmware to 1.2.0 (inc)
moxa v1222-ct-t_firmware to 1.2.0 (inc)
moxa v1222-w-ct-t_firmware to 1.2.0 (inc)
moxa v2406c-kl7-ct-t_firmware to 1.2 (inc)
moxa v2406c-kl7-t_firmware to 1.2 (inc)
moxa v2406c-wl7-ct-t_firmware to 1.2 (inc)
moxa v2406c-wl5-t_firmware to 1.2 (inc)
moxa v2406c-kl1-ct-t_firmware to 1.2 (inc)
moxa v2406c-wl3-t_firmware to 1.2 (inc)
moxa v2406c-wl1-ct-t_firmware to 1.2 (inc)
moxa v2406c-kl3-t_firmware to 1.2 (inc)
moxa v2406c-wl1-t_firmware to 1.2 (inc)
moxa v2406c-kl1-t_firmware to 1.2 (inc)
moxa v2406c-wl7-t_firmware to 1.2 (inc)
moxa v2406c-kl5-t_firmware to 1.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Moxa Arm-based industrial computers running Moxa Industrial Linux Secure. These devices use a device-unique bootloader password that is printed on the device. An attacker with physical access to the device can use this password to access the bootloader menu via a serial interface.

However, accessing the bootloader menu does not allow the attacker to take full control of the system or escalate privileges because the bootloader enforces digital signature verification and only permits flashing of Moxa-signed images. Therefore, the attacker cannot install malicious firmware or execute arbitrary code.

The main impact of this vulnerability is a potential temporary denial-of-service condition if a valid image is reflashed. Remote exploitation is not possible.

Impact Analysis

The primary impact of this vulnerability is a potential temporary denial-of-service condition. An attacker with physical access could reflash a valid image via the bootloader menu, temporarily disrupting device operation.

Since the bootloader only allows flashing of Moxa-signed images and enforces digital signature verification, the attacker cannot install malicious firmware or execute arbitrary code, so full system takeover or privilege escalation is not possible.

Remote exploitation is not possible, so the risk is limited to scenarios where an attacker has physical access to the device.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves physical access to the device's bootloader via a serial interface using a device-unique bootloader password printed on the device. Detection primarily involves verifying if unauthorized physical access to the device or serial interface has occurred."}, {'type': 'paragraph', 'content': 'Since the vulnerability does not allow remote exploitation and relates to physical access, network-based detection is limited. However, general security recommendations include implementing anomaly detection and maintaining logging and monitoring to identify unusual access patterns.'}, {'type': 'paragraph', 'content': 'No specific commands for detecting this vulnerability on the system or network are provided in the available resources.'}] [1]

Mitigation Strategies

Immediate mitigation steps include changing the bootloader default password as detailed in the Moxa Industrial Linux 3.x (Debian 11) Arm-based Computers Manual (Security Hardening Guide).

Operate devices in controlled physical access environments to prevent unauthorized physical access.

Apply the security patches released by Moxa, which involve updating the system kernel to version 5.10.234-cip57-rt25-moxa9-1+deb11u2 using apt commands followed by a system reboot.

  • Change the bootloader default password.
  • Restrict physical access to devices.
  • Update the system with the provided security patches via apt and reboot.
  • Restrict network access and minimize exposure.
  • Enhance authentication and access control.
  • Regularly update firmware and secure remote access.
  • Implement anomaly detection and maintain logging and monitoring.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0715. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart