As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

EDR-G903, EDR-G902, and EDR-810 Series Secure Routers Vulnerability

  • Security Advisory ID: MPSA-220202
  • Version: V1.0
  • Release Date: Feb 11, 2022
  • Reference:
    • N/A

A product vulnerability was identified in Moxa’s EDR-G903 Series, EDR-G902 Series, and EDR-G810 Series Secure Routers. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Hard-coded Credentials (CWE-798) Use of embedded credential may allow an attacker to access the device by a crafted credential.

 

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
EDR-810 Series Firmware Version 5.9 or lower.
EDR-G902 Series Firmware Version 5.6 or lower.
EDR-G903 Series Firmware Version 5.6 or lower.

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
EDR-810 Series Please upgrade to firmware version 5.10 or higher. (Download Link)
EDR-G902 Series Please upgrade to firmware version 5.7 or higher. (Download Link)
EDR-G903 Series Please upgrade to firmware version 5.7 or higher. (Download Link).


Mitigations:
If a customer cannot upgrade to the new firmware immediately, they can consider performing the following mitigation to reduce the risk:

  • Enable the “Trusted Access” feature to enhance the authentication mechanism and only allow authorized remote access to the device

 

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Feb 11, 2022

Relevant Products

EDR-810 Series · EDR-G902 Series · EDR-G903 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
You have some items waiting in your bag; click here to finish your quote!
Feedback