CVE-2019-9099

Name of the Vulnerable Software and Affected Versions Moxa MGate MB3170 versions prior to 4.1 Moxa MGate MB3180 versions prior to 2.1 Moxa MGate MB3270 versions prior to 4.1 Moxa MGate MB3280 versions prior to 3.1 Moxa MGate MB3480 versions prior to 3.1 Moxa MGate MB3660 versions prior to 2.3

Description The issue is related to a buffer overflow in the built-in web server of Moxa MGate devices when handling input data in the MD5Password parameter. This can allow a remote attacker to execute arbitrary code or cause a denial of service using a specially crafted packet. The buffer overflow occurs in the stack, enabling potential code execution or disruption of service.

Recommendations For Moxa MGate MB3170 versions prior to 4.1, update to version 4.1 or later. For Moxa MGate MB3180 versions prior to 2.1, update to version 2.1 or later. For Moxa MGate MB3270 versions prior to 4.1, update to version 4.1 or later. For Moxa MGate MB3280 versions prior to 3.1, update to version 3.1 or later. For Moxa MGate MB3480 versions prior to 3.1, update to version 3.1 or later. For Moxa MGate MB3660 versions prior to 2.3, update to version 2.3 or later. As a temporary workaround, consider restricting access to the built-in web server to minimize the risk of exploitation. Avoid using the MD5Password parameter in the affected web server until the issue is resolved.