PT-2020-5381 · Moxa · Edr-G903 Series +2

Xinjie Ma · Published 2020-11-03 · Updated 2021-02-05 · CVE-2020-28144

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moxa Inc EDR-G903 Series versions 5.5 or lower
Moxa Inc EDR-G902 Series versions 5.5 or lower
Moxa Inc EDR-810 Series versions 5.6 or lower

Description

The issue is related to an improper restriction of operations, which may allow remote arbitrary code execution when crafted requests are sent to the device. This can be exploited by a remote attacker using specially formed requests, potentially leading to denial of service. The vulnerability is also described as a buffer overflow in memory, which can be triggered by a crafted request.

Recommendations

For EDR-G903 Series versions 5.5 or lower, update to a version higher than 5.5 to resolve the issue.
For EDR-G902 Series versions 5.5 or lower, update to a version higher than 5.5 to resolve the issue.
For EDR-810 Series versions 5.6 or lower, update to a version higher than 5.6 to resolve the issue.
As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2021-00372
CVE-2020-28144

Affected Products

Edr-810 Series
Edr-G902 Series
Edr-G903 Series