Moxa CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability in Ethernet Switches

Plan PatchCVSS 9.2MPSA-241409Feb 4, 2026

Moxa

Summary

Multiple Moxa Ethernet switches contain an authentication bypass vulnerability (CVE-2024-12297) caused by flaws in the authorization mechanism implementation. Despite client-side and back-end server verification present in the design, the implementation is flawed. Attackers can exploit weaknesses in the authorization logic (reliance on security through obscurity) to either brute-force valid credentials or forge MD5 authentication hashes, gaining unauthorized administrative access to the device. This allows potential compromise of device configuration, network traffic manipulation, and service disruption. The vendor has indicated no patch is planned for this vulnerability.

What this means

What could happen

An attacker could bypass authentication on Moxa Ethernet switches through weak authorization logic, potentially gaining unauthorized access to network configuration and device control. This could allow an attacker to modify switch settings, redirect traffic, or interrupt network connectivity in critical infrastructure.

Who's at risk

Water utilities, electric utilities, and other critical infrastructure operators using Moxa Ethernet switches for network connectivity and device management. Particularly relevant for organizations where switches sit on the boundary between IT and OT networks or provide connectivity to programmable logic controllers (PLCs), remote terminal units (RTUs), and other industrial equipment.

How it could be exploited

An attacker on the network can send crafted authentication requests to the switch's management interface. By exploiting weaknesses in the authorization implementation (CWE-656: reliance on security through obscurity), the attacker can either brute-force valid credentials or forge MD5 authentication hashes to bypass login controls and gain administrative access to the device.

Prerequisites

Network access to the switch's management interface (typically HTTP/HTTPS port 80 or 443)
No valid credentials required to initiate the attack

Remotely exploitableNo authentication requiredNo patch availableCritical severityAffects network boundary devices

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (1)

ProductAffected VersionsFix Status

Ethernet SwitchesAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGContact Moxa support immediately to request a patched firmware version or workaround guidance, as no fix is currently planned

WORKAROUNDRestrict network access to the switch management interface to only authorized administration workstations using firewall rules and ACLs

WORKAROUNDDisable remote management access (HTTP/HTTPS) if not operationally required and use only out-of-band or local serial console access

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGImplement network segmentation to isolate switches on a restricted management VLAN accessible only from authorized admin subnets

CVEs (1)

CVE-2024-12297

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/beb60352-3153-4538-ad3c-def08b8854b4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.