{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3868", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2026-03-10T07:56:29.470Z", "datePublished": "2026-04-27T02:56:34.266Z", "dateUpdated": "2026-04-27T15:14:14.677Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2026-04-27T02:56:34.266Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-130", "description": "CWE-130: Improper Handling of Length Parameter Inconsistency", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-47", "descriptions": [{"lang": "en", "value": "CAPEC-47: Buffer Overflow via Parameter Expansion"}]}], "affected": [{"vendor": "Moxa", "product": "EDR-8010 Series", "versions": [{"status": "affected", "version": "1.0", "lessThanOrEqual": "3.23", "versionType": "custom"}, {"status": "unaffected", "version": "3.24", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-G9010 Series", "versions": [{"status": "affected", "version": "1.0", "lessThanOrEqual": "3.23.1", "versionType": "custom"}, {"status": "unaffected", "version": "3.24", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:moxa:edr-8010_series:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndIncluding": "3.23"}, {"vulnerable": false, "criteria": "cpe:2.3:a:moxa:edr-8010_series:3.24:*:*:*:*:*:*:*"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:moxa:edr-g9010_series:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndIncluding": "3.23.1"}, {"vulnerable": false, "criteria": "cpe:2.3:a:moxa:edr-g9010_series:3.24:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa\u2019s Secure Router.\u00a0Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive.\u00a0Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation.\u00a0While successful exploitation can\u00a0severely\u00a0impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa\u2019s Secure Router.&nbsp;Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive.&nbsp;Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation.&nbsp;While successful exploitation can&nbsp;severely&nbsp;impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.</p>"}]}], "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261521-cve-2026-3867-cve-2026-3868-improper-ownership-management-and-improper-handling-of-length-parameter-incons", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T15:13:55.314280Z", "id": "CVE-2026-3868", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T15:14:14.677Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3868", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T15:13:55.314280Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T15:14:09.753Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-47", "descriptions": [{"lang": "en", "value": "CAPEC-47: Buffer Overflow via Parameter Expansion"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moxa", "product": "EDR-8010 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.23"}, {"status": "unaffected", "version": "3.24", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Moxa", "product": "EDR-G9010 Series", "versions": [{"status": "affected", "version": "1.0", "versionType": "custom", "lessThanOrEqual": "3.23.1"}, {"status": "unaffected", "version": "3.24", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261521-cve-2026-3867-cve-2026-3868-improper-ownership-management-and-improper-handling-of-length-parameter-incons", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa\u2019s Secure Router.\u00a0Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive.\u00a0Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation.\u00a0While successful exploitation can\u00a0severely\u00a0impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.", "supportingMedia": [{"type": "text/html", "value": "<p>An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa\u2019s Secure Router.&nbsp;Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive.&nbsp;Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation.&nbsp;While successful exploitation can&nbsp;severely&nbsp;impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-130", "description": "CWE-130: Improper Handling of Length Parameter Inconsistency"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:edr-8010_series:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "3.23", "versionStartIncluding": "1.0"}, {"criteria": "cpe:2.3:a:moxa:edr-8010_series:3.24:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moxa:edr-g9010_series:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "3.23.1", "versionStartIncluding": "1.0"}, {"criteria": "cpe:2.3:a:moxa:edr-g9010_series:3.24:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2026-04-27T02:56:34.266Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3868", "state": "PUBLISHED", "dateUpdated": "2026-04-27T15:14:14.677Z", "dateReserved": "2026-03-10T07:56:29.470Z", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "datePublished": "2026-04-27T02:56:34.266Z", "assignerShortName": "Moxa"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa\u2019s Secure Router.\u00a0Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive.\u00a0Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation.\u00a0While successful exploitation can\u00a0severely\u00a0impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified."}], "id": "CVE-2026-3868", "lastModified": "2026-04-27T18:57:20.293", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2026-04-27T04:16:09.090", "references": [{"source": "psirt@moxa.com", "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261521-cve-2026-3867-cve-2026-3868-improper-ownership-management-and-improper-handling-of-length-parameter-incons"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-130"}], "source": "psirt@moxa.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,3.23]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "3.24"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "EDR-8010 Series", "source": "cna", "vendor": "Moxa"}, "product": "edr-8010_series", "vendor": "moxa"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,3.23.1]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "3.24"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "EDR-G9010 Series", "source": "cna", "vendor": "Moxa"}, "product": "edr-g9010_series", "vendor": "moxa"}], "analysis": {"en": {"generated_at": "2026-04-28T19:51:37.393730+00:00", "value": {"mitigation_remediation": ["Apply Moxa\u2019s firmware update or patch that resolves the improper length parameter validation in the HTTPS management interface of the EDR\u20118010 and EDR\u2011G9010 series.", "Configure the device\u2019s firewall or access control lists to limit HTTPS management traffic to a trusted network segment or specific IP addresses, reducing the exposed attack surface.", "Set up monitoring and alerting for sudden web service crashes or restarts on the routers, and ensure that a recovery procedure such as automatic reboot or fail\u2011over is in place to restore availability quickly."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected devices are Moxa EDR\u20118010 Series and EDR\u2011G9010 Series routers running firmware version 3.24. Updating the router firmware or applying an official patch from Moxa is required to eliminate the vulnerability.", "description_and_impact": "The vulnerability is an improper validation of length parameters in the HTTPS management interface of Moxa\u2019s Secure Router. This flaw allows an unauthenticated remote attacker to send specially crafted requests that trigger a buffer overflow. The overflow causes the web service to become unresponsive, leading to a denial\u2011of\u2011service condition that requires a device reboot to recover. No confidentiality or integrity impact has been identified; the issue solely affects availability.", "risk_and_exploitability": "The CVSS score of 8.7 classifies this flaw as high severity, while the EPSS score of less than 1% indicates a low probability of exploitation at present. The flaw is not listed in the CISA KEV catalog. Successful exploitation requires no authentication and can be performed over the HTTPS management interface, which is typically exposed on the network. Therefore, the attack vector is an unauthenticated remote HTTPS request that must reach the management service."}}}}, "created": "2026-04-27T18:41:59.087288+00:00", "title": "Improper Length Parameter Validation Causing Buffer Overflow and DoS in Moxa Secure Router", "updated": "2026-04-28T20:00:19.882880+00:00", "vendors": ["moxa", "moxa$PRODUCT$edr-8010_series", "moxa$PRODUCT$edr-g9010_series"]}