CNNVD-202510-3246 Information

CNNVD ID

CNNVD-202510-3246

Related CVE

CVE-2025-1680

• CNNVD Published: 2025-10-23

Description (Chinese)

Moxa Ethernet switches是中国台湾Moxa公司的一款工业级网络交换机。 Moxa Ethernet switches存在安全漏洞，该漏洞源于HTTP Host标头注入，可能导致重定向用户、伪造链接或钓鱼。以下产品受到影响：TN-4500A Series、TN-5500A Series、TN-G4500 Series、TN-G6500 Series。

Description (English)

Moxa Ethernet Switches is an industrial-level network exchange for Moxa, Taiwan, China. There is a security loophole in Moxa Ethernet switches, which originates from HTTP Host header injections, which may lead to re-direction of users, forged links or fishing. The following products were affected: TN-4500A Series, TN-5500A Series, TN-G4500 Series, TN-G6500 Series.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

摩莎

Published

2025-10-23

Last Modified

2026-02-24

References

https://www.hackrtu.com/blog/cg-technical-en-003/ https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257421-cve-2025-1679

Patch

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-257421-cve-2025-1679,-cve-2025-1680-stored-cross-site-scripting-(xss)-and-host-header-injection-vulnerabilities-in