Tn-4900
This hub aggregates every CVE we track for Tn-4900, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
20
CVEs tracked
7
Critical
12
High
0
In CISA KEV
Severity distribution
HIGH12CRITICAL7MEDIUM1
Monthly trend
0
0
0
2
0
0
2
0
0
2
0
0
0
0
0
5
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Tn-4900.
- CVE-2025-6950An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used...9.8
- CVE-2025-6949An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low...8.8
- CVE-2025-6894An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows a...5.4
- CVE-2025-6893An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/se...8.8
- CVE-2025-6892An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected ...8.8
- CVE-2025-0676Commend Injection Leading to Privilege Escalation7.2
- CVE-2025-0415Command Injection in NTP Setting9.1
- CVE-2024-9140Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly ...9.8
- CVE-2024-9138Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances7.2
- CVE-2024-9139OS Command Injection in Restricted Command7.2
- CVE-2024-9137Moxa Service Missing Authentication for Critical Function9.4
- CVE-2023-34217Second Order Command-injection Vulnerability in the Certificate-delete Function8.1
- CVE-2023-34216Second Order Command-injection Vulnerability in the Key-delete Function8.1
- CVE-2023-34214Second Order Command-injection Vulnerability in the Certificate-generation Function7.2
- CVE-2023-33239Second Order Command-injection Vulnerability in the Key-generation Function8.8
Product normalization is registry-driven with AI assist and human review. How it works