CVE-2022-3086

Name of the Vulnerable Software and Affected Versions Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior Moxa UC-8580 Series version 1.1 Moxa UC-8540 Series versions 1.0 through 1.2 Moxa UC-8410A Series version 2.2 Moxa UC-8200 Series versions 1.0 through 2.4 Moxa UC-8100A-ME-T Series versions 1.0 through 1.1 Moxa UC-8100 Series versions 1.2 through 1.3 Moxa UC-5100 Series version 1.2 Moxa UC-3100 Series versions 1.2 through 2.0 Moxa UC-2100 Series versions 1.3 through 1.5 Moxa UC-2100-W Series versions 1.3 through 1.5

Description The issue is related to insufficient argument validation in the command, allowing an attacker to execute arbitrary code by restarting the device and accessing the BIOS. An attacker with physical access can initiate a restart, alter command line options, access the terminal, and modify authentication files to gain full system access.

Recommendations For Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior: update to a version later than 6.5.0.160bc2e to resolve the issue. For Moxa UC-8580 Series version 1.1: restrict physical access to the device until a patch is available. For Moxa UC-8540 Series versions 1.0 through 1.2: limit command line option alterations until an update is applied. For Moxa UC-8410A Series version 2.2: avoid using the terminal for sensitive operations until the issue is fixed. For Moxa UC-8200 Series versions 1.0 through 2.4: monitor authentication file modifications closely until a resolution is provided. For Moxa UC-8100A-ME-T Series versions 1.0 through 1.1: consider disabling the bootloader until a secure version is released. For Moxa UC-8100 Series versions 1.2 through 1.3: apply additional access controls to the terminal. For Moxa UC-5100 Series version 1.2: update the device to prevent arbitrary code execution. For Moxa UC-3100 Series versions 1.2 through 2.0: restrict access to the BIOS. For Moxa UC-2100 Series versions 1.3 through 1.5: implement additional security measures to prevent system access. For Moxa UC-2100-W Series versions 1.3 through 1.5: limit device restarts to authorized personnel only.