Improper Handling of Length Parameter in Moxa's Secure Router
CVE-2026-3868

8.7HIGH

Key Information:

Vendor: Moxa
Status: Edr-8010 Series; Edr-g9010 Series
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-3868?

A vulnerability has been discovered in Moxa’s Secure Router due to improper validation of length parameters in the HTTPS management interface. This flaw allows unauthenticated remote attackers to craft specific requests, potentially leading to a buffer overflow condition. If exploited, this could cause the web service to become unresponsive, necessitating a reboot for normal operation to resume. While the unavailability of the affected device can have significant implications, assessments indicate that the vulnerability does not affect the confidentiality or integrity of the device or the broader system.

Affected Version(s)

EDR-8010 Series 1.0 <= 3.23

EDR-G9010 Series 1.0 <= 3.23.1

EDR-8010 Series 3.24

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Mar 10, 2026

CVE-2026-3868 Data

JSON