As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

EDR-G902 Series and EDR-G903 Series Secure Routers Vulnerabilities

  • Security Advisory ID: MPSA-200502
  • Version: V1.1
  • Release Date: Jul 16, 2020
  • Reference:
    • CVE-2020-14511

A product vulnerability was identified in Moxa’s EDR-G902 Series and EDR-G903 Series Secure Routers. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Stack buffer overflow (CWE-121)
CVE-2020-14511
Malicious operation of the crafted web browser cookie may cause stack buffer overflow in the system web server of the EDR-G902 Series and EDR-G903 Series.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
EDR-G902 Series Firmware Version 5.4 or lower
EDR-G903 Series Firmware Version 5.4 or lower

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
EDR-G902 Series Please download the new firmware here.
EDR-G903 Series Please download the new firmware here.

Acknowledgment:

We would like to express our appreciation to Tal Keren from Claroty for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Jun 15, 2020
1.1 Added the reference information that includes CVE-ID, CWE and ICS-CERT's security advisory Jul 16, 2020

Relevant Products

EDR-G902 Series · EDR-G903 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
You have some items waiting in your bag; click here to finish your quote!
Feedback