CVE-2025-41652

CRITICAL Year: 2025
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-656
View all →

Vulnerability Description

The devices are vulnerable to an authentication bypass due to flaws in the authorization mechanism. An unauthenticated remote attacker could exploit this weakness by performing brute-force attacks to guess valid credentials or by using MD5 collision techniques to forge authentication hashes, potentially compromising the device.

Related Vulnerabilities

CVE-2020-10286

CRITICAL
CVSS:9.4(Critical)

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible file...

CWE-6562020

CVE-2020-10284

CRITICAL
CVSS:9.1(Critical)

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1...

CWE-6562020

CVE-2020-10286

CRITICAL
CVSS:9.4(Critical)

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible file...

CWE-6562020

CVE-2020-10284

CRITICAL
CVSS:9.1(Critical)

No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1...

CWE-6562020

CVE-2024-9138

HIGH
CVSS:7.2(High)

Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an a...

CWE-6562024

CVE-2020-10277

MEDIUM
CVSS:6.4(Medium)

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files (such as the shadow file) or privilege escalation by manually addin...

CWE-6562020