Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-3868
PUBLISHED
More InfoOfficial Page
Assigner-Moxa
Assigner Org ID-2e0a0ee2-d866-482a-9f5e-ac03d156dbaa
View Known Exploited Vulnerability (KEV) details
Published At-27 Apr, 2026 | 02:56
Updated At-27 Apr, 2026 | 02:56
Rejected At-
▼CVE Numbering Authority (CNA)

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive. Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation. While successful exploitation can severely impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.

Affected Products
Vendor
Moxa Inc.Moxa
Product
EDR-8010 Series
Default Status
unaffected
Versions
Affected
  • From 1.0 through 3.23 (custom)
Unaffected
  • 3.24 (custom)
Vendor
Moxa Inc.Moxa
Product
EDR-G9010 Series
Default Status
unaffected
Versions
Affected
  • From 1.0 through 3.23.1 (custom)
Unaffected
  • 3.24 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-130CWE-130: Improper Handling of Length Parameter Inconsistency
Type: CWE
CWE ID: CWE-130
Description: CWE-130: Improper Handling of Length Parameter Inconsistency
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-47CAPEC-47: Buffer Overflow via Parameter Expansion
CAPEC ID: CAPEC-47
Description: CAPEC-47: Buffer Overflow via Parameter Expansion
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261521-cve-2026-3867-cve-2026-3868-improper-ownership-management-and-improper-handling-of-length-parameter-incons
vendor-advisory
Hyperlink: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261521-cve-2026-3867-cve-2026-3868-improper-ownership-management-and-improper-handling-of-length-parameter-incons
Resource:
vendor-advisory
Details not found