Critical Security Flaw in Moxa PT Switches: Authentication Bypass Vulnerability

By /

Listen to this Post

In a recent security advisory, Taiwanese company Moxa revealed a critical vulnerability affecting its PT switch series, which could potentially allow attackers to bypass authentication protections. The flaw, designated as CVE-2024-12297, poses a severe risk with a CVSS v4 score of 9.2 out of 10, highlighting its critical nature. The vulnerability stems from weaknesses in the switches’ authorization mechanisms, leaving devices vulnerable to brute-force and MD5 collision attacks. Moxa urges users of the affected models to apply patches immediately to protect their systems.

Overview of the Vulnerability

Moxa’s PT series switches, commonly used for network infrastructure, have been found to contain a major flaw in their authentication process. The vulnerability, identified as CVE-2024-12297, is a result of an authorization mechanism that can be bypassed by malicious actors. Even though the switches perform client-side and server-side verification, the implementation is flawed, allowing attackers to exploit these weaknesses.

The vulnerability enables brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes. As a result, attackers could gain unauthorized access to sensitive device configurations or disrupt the device’s normal operations. This is a critical risk for organizations using Moxa’s switches in industrial, automation, or networking settings, where device security is paramount.

Affected Versions:

– PT-508 Series (Firmware versions 3.8 and earlier)

– PT-510 Series (Firmware versions 3.8 and earlier)

– PT-7528 Series (Firmware versions 5.0 and earlier)

– PT-7728 Series (Firmware versions 3.9 and earlier)

– PT-7828 Series (Firmware versions 4.0 and earlier)

– PT-G503 Series (Firmware versions 5.3 and earlier)

– PT-G510 Series (Firmware versions 6.5 and earlier)

– PT-G7728 Series (Firmware versions 6.5 and earlier)

– PT-G7828 Series (Firmware versions 6.5 and earlier)

Actionable Measures and Recommendations

Moxa has provided a security patch to address this flaw, and users are strongly advised to contact Moxa Technical Support for the update. However, beyond patching the devices, Moxa suggests additional security measures to mitigate the risk:

  1. Restrict Network Access: Use firewalls or access control lists (ACLs) to limit exposure of the devices.
  2. Network Segmentation: Ensure that the switches are not directly exposed to the internet.
  3. Implement Multi-Factor Authentication (MFA): Require MFA for accessing critical systems.
  4. Monitor Network Traffic: Set up event logging and keep a close eye on network behavior for unusual activities.

Historical Context

This vulnerability in the PT series switches is the latest in a series of security issues uncovered in Moxa devices. Earlier in 2025, the company patched a similar vulnerability in its Ethernet switch EDS-508A series. Additionally, Moxa had addressed multiple high-severity flaws impacting its cellular and secure routers, highlighting an ongoing effort to address security concerns across their product lineup.

What Undercode Says:

The discovery of CVE-2024-12297 serves as a reminder of the persistent vulnerabilities in industrial and networking equipment that organizations often overlook. While Moxa has taken steps to patch this particular issue, the existence of such flaws in widely deployed devices underscores the need for constant vigilance in security management. PT switches are commonly used in critical infrastructure and automation systems, and any compromise can have severe consequences, including unauthorized access to sensitive data or potential service disruptions.

One of the most concerning aspects of this vulnerability is that it is easily exploitable. Attackers can either guess valid credentials through brute-force or forge authentication hashes using MD5 collision attacks—both of which are well-documented techniques in cybersecurity. The combination of these weaknesses makes the flaw particularly dangerous. The company has responded appropriately by issuing a patch and suggesting additional security practices such as MFA and network segmentation, but the reality is that many organizations still overlook the need for comprehensive security measures in industrial systems.

Moreover, the fact that Moxa has faced multiple vulnerabilities in a short span of time raises questions about the company’s overall security posture. While patches are regularly released, organizations using these devices should consider diversifying their infrastructure and relying on multi-layered security solutions to protect against future threats.

Moxa has made strides in addressing these flaws, but organizations relying on their products must take responsibility for securing their environments beyond simply applying patches. The advice to implement network segmentation, restrict internet exposure, and monitor for unusual activity is critical. In today’s threat landscape, relying solely on patches is not enough—proactive security management is key.

Fact Checker Results:

  • Moxa has acknowledged the vulnerability and provided patches for the affected models.
  • CVE-2024-12297 has a CVSS score of 9.2, indicating a severe risk to security.
  • The company recommends a range of mitigation strategies, including firewalls, network segmentation, and multi-factor authentication.

References:

Reported By: https://thehackernews.com/2025/03/moxa-issues-fix-for-critical.html
Extra Source Hub:
https://www.stackexchange.com
Wikipedia
Undercode AI

Image Source:

Pexels
Undercode AI DI v2

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Explore More: