CVE-2025-1977, CVE-2025-2026: Multiple Vulnerabilities in NPort 6100-G2/6200-G2 Series

Published: December 31, 2025

This Alert Is From MOXA

As Industrial IoT (IIoT) adoption continues to proliferate, cybersecurity has become one of the top priorities. The Moxa Product Security Incident Response Team (PSIRT) takes a proactive approach to protect products from cybersecurity vulnerabilities. Moxa PSIRT investigates all reports of vulnerabilities that could potentially affect Moxa products. Moxa created a vulnerability management policy to provide guidance and information to our customers in the event of a reported vulnerability. The management policy ensures that Moxa’s customers have steady, unambiguous resources to help them understand how Moxa resolves or mitigates reported vulnerabilities. For any queries, please email PSIRT@moxa.com.

This security advisory addresses two vulnerabilities identified in NPort 6100-G2/6200-G2 Series.

CVE-2025-1977

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remotely over the network with low attack complexity and no user interaction, but it requires specific system conditions or configurations to be present. Successful exploitation may result in changes to device settings that were not intended to be permitted for the affected user role, potentially leading to a high impact on the confidentiality, integrity, and availability of the device. No impact on other systems has been identified.

CVE-2025-2026

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition.

Since these issues have high severity, we strongly advise users to immediately apply the solutions to mitigate associated security risks.
 

The Identified Vulnerability Type and Potential Impact

| CVE ID | Vulnerability Type | Impact |
| --- | --- | --- |
| CVE-2025-1977 | CWE-250: Execution with Unnecessary Privileges | CAPEC-122: Privilege Abuse |
| CVE-2025-2026 | CWE-170: Improper Null Termination | An authenticated remote attacker with web read-only privileges can exploit the vulnerable API to inject malicious input. Successful exploitation may cause the device to reboot, disrupting normal operations and causing a temporary denial of service. |

Vulnerability Scoring Details

| CVE ID | Base Score | Vector | Severity | Unauthenticated Remote Exploits |
| --- | --- | --- | --- | --- |
| CVE-2025-1977 | CVSS 4.0: 7.7 | AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | High | No |
| CVE-2025-2026 | CVSS 4.0: 7.1 | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N | High | No |

This alert has come from: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-251731-cve-2025-1977-cve-2025-2026-multiple-vulnerabilities-in-nport-6100-g2-6200-g2-series