CVE-2026-3867
Improper Ownership Allows Config File Access in Moxa Router
Publication date: 2026-04-27
Last updated on: 2026-04-27
Assigner: Moxa Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moxa | secure_router | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-282 | The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the configuration file containing the hashed administrative password is not exported or accessible to low-privileged authenticated users.
Restrict access controls to prevent unauthorized users from exporting configuration files.
Monitor and audit user activities related to configuration file exports to detect any unauthorized attempts.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper ownership management allowing a low-privileged authenticated user to access a configuration file containing the hashed password of the administrative account, but only if the configuration file has been exported.
To detect this vulnerability on your system, you should verify whether configuration files have been exported and check the permissions and ownership of those files to ensure they are not accessible by low-privileged users.
Since no specific detection commands or tools are provided in the available information, general commands to check file ownership and permissions on the device or system hosting the Moxa Secure Router could include:
- Using SSH or console access, run commands like `ls -l` on the directory where configuration files are stored to check file ownership and permissions.
- Check for exported configuration files by identifying files that have been recently created or copied outside the normal configuration directory.
- Review user access logs to detect any low-privileged user accessing configuration files.
Note that exploitation requires the configuration file to be exported, so monitoring export actions or configuration backups may also help detect potential exploitation attempts.
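One way to script the ownership, permission and recent-export checks described above is sketched below. It is an added example, not code from Moxa or from this page, and it assumes the exported configuration files are kept in a directory on a management host; the directory, the expected owner account and the 7-day window are placeholders.

```shell
#!/bin/sh
# Added example: audit a directory of exported router configuration backups.
# Assumptions (not from the advisory): the backups live in a directory on a
# management host, and one known admin account should own them.

# audit_exports DIR OWNER [DAYS]
#   READABLE  file grants read access to group or other
#   OWNER     file is not owned by OWNER (name or numeric uid)
#   RECENT    file was modified within DAYS days (possible new export)
# Prints "<TAG> <path>" per finding; returns 1 if anything was found.
audit_exports() {
    dir=$1
    owner=$2
    days=${3:-7}
    findings=$(
        find "$dir" -type f \( -perm -040 -o -perm -004 \) -print | sed 's/^/READABLE /'
        find "$dir" -type f ! -user "$owner" -print | sed 's/^/OWNER /'
        find "$dir" -type f -mtime "-$days" -print | sed 's/^/RECENT /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit_exports.sh /path/to/backups adminuser 7
if [ "$#" -ge 2 ]; then
    audit_exports "$@"
fi
```

The non-zero exit status on any finding lets the script be run from a scheduled job that alerts when an export appears or a backup becomes readable by other accounts.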
Can you explain this vulnerability to me?
This vulnerability is an improper ownership management issue in Moxa's Secure Router. It allows a low-privileged authenticated user to access a configuration file that contains the hashed password of the administrative account. However, this access is only possible if the configuration file has been exported.
The vulnerability does not affect the integrity or availability of the product, nor does it impact the confidentiality, integrity, or availability of any subsequent systems.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with low privileges to obtain sensitive information, specifically the hashed password of the administrative account.
However, exploitation requires that the configuration file has been exported, and the vulnerability does not affect system integrity or availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows a low-privileged authenticated user to access a configuration file containing the hashed password of the administrative account if the configuration file has been exported. This could lead to unauthorized access to sensitive information.
However, the vulnerability does not impact the integrity or availability of the affected product, and no confidentiality, integrity, or availability impact to the subsequent system has been identified.
There is no specific information provided about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.