CVE-2026-9266— Moxa UC-1200A Series 加密问题漏洞

N/A

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure against CVE-2026-0714. However, an omission in the authorization session configuration causes the parameter encryption to provide no effective protection. An attacker with invasive physical access to the device can still capture TPM communications on the SPI bus and derive the LUKS disk encryption key in plaintext. While successful exploitation results in full compromise of the encrypted disk volume, the attack requires invasive physical access, including opening the device and attaching external equipment to the SPI bus. Remote exploitation is not possible, and the attack does not affect any downstream systems.

N/A

缺少必要的密码学步骤

Moxa UC-1200A Series 加密问题漏洞

Moxa UC-1200A Series是中国Moxa公司的一个工业路由器。 Moxa UC-1200A Series 1.0版本至1.4版本存在安全漏洞，该漏洞源于缺少必需的加密步骤且CVE-2026-0714修复不完整，授权会话配置存在遗漏导致参数加密无效，具有物理访问权限的攻击者可捕获SPI总线上的TPM通信并明文导出LUKS磁盘加密密钥，导致加密磁盘卷完全被破解。此攻击需要侵入性物理访问，无法远程利用。

N/A

N/A