CVE-2020-6989

Name of the Vulnerable Software and Affected Versions Moxa EDS-G516E and Moxa EDS-510E versions (affected versions not specified) Moxa PT-7528 series firmware versions prior to 4.1 Moxa PT-7828 series firmware versions prior to 3.10

Description The issue is related to a buffer overflow in the web server component of the affected devices. This can be exploited by a remote attacker to cause a denial-of-service condition or potentially execute arbitrary code by sending a specially crafted packet. The vulnerability is associated with the SwitchDHCPSetting component in the case of Moxa EDS-G516E and Moxa EDS-510E devices.

Recommendations For Moxa EDS-G516E and Moxa EDS-510E, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Moxa PT-7528 series firmware version 4.0 or lower, update to version 4.1 or higher. For Moxa PT-7828 series firmware version 3.9 or lower, update to version 3.10 or higher. As a temporary workaround, consider restricting access to the web server component until a patch is available.