216.73.216.6

CVE-2025-1977

· Published 31/12/2025 08:15 · Modified 31/12/2025 20:42

Labels: CVE-2025-1977 2025-12-31CVE-2025-1977CWE-250[email protected]

Essential information

Published
31/12/2025 08:15
Modified
31/12/2025 20:42
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remotely over the network with low-attack complexity and no user interaction but requires specific system conditions or configurations to be present. Successful exploitation may result in changes to device settings that were not intended to be permitted for the affected user role, potentially leading to a high impact on the confidentiality, integrity, and availability of the device. No impact on other systems has been identified.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
moxa / nport 6100-g2 cpe:2.3:a:moxa:nport_6100-g2:*:*:*:*:*:*:*:*
moxa / nport 6200-g2 cpe:2.3:a:moxa:nport_6200-g2:*:*:*:*:*:*:*:*

References