Improper Ownership Management Vulnerability in Moxa’s Secure Router
CVE-2026-3867

6MEDIUM

Key Information:

Vendor: Moxa
Status: Edr-8010 Series; Edr-g9010 Series
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-3867?

An improper ownership management vulnerability in Moxa's Secure Router allows low-privileged authenticated users to access configuration files that contain hashed passwords for administrative accounts. Exploitation of this vulnerability requires that the configuration file be exported, thereby exposing sensitive information. While this flaw does not compromise the integrity or availability of the router, it poses a risk to confidentiality as attackers can strategically gather information if the file is improperly handled. Ensuring strict ownership and access control measures is critical to mitigate this risk.

Affected Version(s)

EDR-8010 Series 1.0 <= 3.23

EDR-G9010 Series 1.0 <= 3.23.1

EDR-G9010 Series 3.24

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Mar 10, 2026

CVE-2026-3867 Data

JSON