PT-2020-3660 · Moxa · Moxa Edr-G903+1

Published 2020-07-14 · Updated 2021-09-23 · CVE-2020-14511

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moxa EDR-G902 versions prior to 5.4
Moxa EDR-G903 versions prior to 5.4

Description

The issue is a stack-based buffer overflow in the system web server on the affected routers. The overflow can be triggered by a maliciously crafted web browser cookie, potentially allowing a remote attacker to execute arbitrary code. The affected routers are widely used in sectors such as oil and gas, and communal services.

Recommendations

For Moxa EDR-G902 and Moxa EDR-G903 versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the system web server to minimize the risk of exploitation.

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-04008
CVE-2020-14511

Affected Products

Moxa Edr-G902
Moxa Edr-G903