OTPulse

Moxa CVE-2025-0415: Command Injection Leading to Denial-of-Service in Secure Routers, Cellular Routers, and Network Security Appliances

Plan Patch | CVSS 9.2 | MPSA-259491 | Apr 2, 2025
Summary

Moxa secure routers, cellular routers, and network security appliances are vulnerable to OS command injection through the web interface NTP settings. An authenticated attacker with web administrator privileges can execute arbitrary system commands on the device. Successful exploitation forces the device into an infinite reboot loop, causing complete loss of network connectivity for downstream systems dependent on the affected router's network services.

What this means
What could happen
An authenticated attacker with web administrator access could inject commands into NTP settings, forcing the device into a continuous reboot loop and completely disrupting network connectivity for all downstream systems that rely on this router.
Who's at risk
Water utilities and municipal electric utilities using Moxa secure routers, cellular routers, or network security appliances as perimeter security devices, gateway routers, or cellular failover equipment. Any organization relying on these devices for core network connectivity between control networks and the enterprise network is affected. Impact is greatest for sites with cellular backup connections where the device is a single point of failure for redundant network paths.
How it could be exploited
An attacker with valid web administrator credentials accesses the router's web interface, navigates to NTP settings, and injects OS commands into a configuration field. The device processes these commands without proper validation, executing them with root privileges and triggering an infinite reboot sequence that renders the device unusable.
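As an added illustration (not Moxa firmware code and not part of the original advisory), this Python example shows the kind of validation the paragraph above says is missing: the NTP server field is checked against a strict allowlist and passed to the time client as a single argument, never through a shell. The function names and the `ntpdate -q` invocation are assumptions chosen for the example.

```python
import ipaddress
import re

# Characters that can appear in a hostname or an IP literal. Checked first so
# shell metacharacters, whitespace, newlines and '%' never reach later parsing
# (ipaddress accepts an arbitrary IPv6 scope id after '%').
_ALLOWED = re.compile(r"[A-Za-z0-9.:-]+")
# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
MAX_LEN = 253


def validate_ntp_server(value):
    """Return a normalized NTP server string or raise ValueError."""
    if not isinstance(value, str) or not 0 < len(value) <= MAX_LEN:
        raise ValueError("NTP server must be a non-empty string of <= 253 chars")
    # fullmatch, not match with '$': '$' would let a trailing newline through.
    if not _ALLOWED.fullmatch(value):
        raise ValueError("NTP server contains characters outside [A-Za-z0-9.:-]")
    try:
        return str(ipaddress.ip_address(value))  # IPv4 or IPv6 literal
    except ValueError:
        pass
    if all(_LABEL.fullmatch(label) for label in value.split(".")):
        return value.lower()  # plain DNS hostname
    raise ValueError("NTP server is neither an IP address nor a hostname")


def is_valid_ntp_server(value):
    """Boolean wrapper around validate_ntp_server for form handlers."""
    try:
        validate_ntp_server(value)
        return True
    except ValueError:
        return False


def ntp_query_argv(server):
    """Build an argument vector for subprocess.run(argv) with no shell involved.

    The validated value cannot start with '-', so it cannot be read as an option.
    """
    return ["ntpdate", "-q", validate_ntp_server(server)]
```
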
Prerequisites
  • Valid web administrator credentials for the device
  • Access to the device's web interface (typically port 80 or 443)
  • Ability to modify NTP settings
  • Remotely exploitable
  • Requires valid administrator credentials (higher barrier but still critical)
  • Low complexity attack
  • Affects network availability (DoS)
  • No patch currently available
  • Critical CVSS score (9.2)
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product | Affected Versions | Fix Status
CVE-2025-0415: Command Injection Leading to Denial-of-Service in Secure Routers, Cellular Routers, and Network Security | All versions | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Restrict access to the web administrator interface to trusted personnel only; use network firewalls to block external access to the web management port
HARDENING: Disable web-based administration if SNMP or other management protocols can be used instead
HARDENING: Change default web administrator passwords immediately and enforce strong credential policies
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact Moxa directly for available patches or firmware updates addressing CVE-2025-0415 for your specific router model
Long-term hardening
HARDENING: Implement network segmentation to isolate router management traffic from general operational networks