As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

Vulnerabilities Identified in MDS-G4028-L3 Series and EDS-G512E - SSH Prefix Truncation, EOL Nginx Software, and Weak SSL/TLS Key Exchange

The MDS-G4028-L3 series and EDS-G512E series are affected by vulnerabilities that pose potential security risks. The MDS-G4028-L3 series is vulnerable to CVE-2023-48795, which could allow unauthorized access, as well as an outdated version of Nginx (CVE-2021-23017, CVE-2021-3618, and CVE-2019-20372), exposing it to unpatched threats. The EDS-G512E series is impacted by a weak SSL/TLS key exchange, which could compromise encrypted communications and potentially allow data interception.


The identified vulnerability types and potential impacts are listed below:

Item Vulnerability Type Impact
1

CWE-354 Improper Validation of Integrity Check Value (CVE-2023-48795)

Integrity checks usually use a secret key that helps authenticate the data origin. Skipping integrity checking generally opens up the possibility that new data from an invalid source can be injected.
2 CWE-193 Off-by-one Error (CVE-2021-23017) This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
3 CWE-295 Improper Certificate Validation (CVE-2021-3618) Bypass protection mechanism or gain privileges or assume identity.
4 CWE-444 Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’) (CVE-2019-20372) An attacker could create HTTP messages to exploit a number of weaknesses including 1) the message can trick the web server to associate a URL with another URL's webpage and caching the contents of the webpage (web cache poisoning attack), 2) the message can be structured to bypass the firewall protection mechanisms and gain unauthorized access to a web application, and 3) the message can invoke a script or a page that returns client credentials (similar to a Cross Site Scripting attack).
5 CWE-326: Inadequate Encryption Strength An attacker may be able to decrypt the data using brute force attacks.

Vulnerability Scoring Details 

ID
Base Score
Vector

Unauthenticated Remote Exploits

CVE-2023-48795

5.9

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Yes
CVE-2021-23017 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Yes
CVE-2021-3618 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Yes
CVE-2019-20372 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Yes
AFFECTED PRODUCTS AND SOLUTIONS

The Affected Products by CVE-2023-48795, CVE-2021-23017, CVE-2021-3618, and CVE-2019-20372:

The affected products and firmware versions are listed below.

Product Series Affected Versions
MDS-G4012 Series FIrmware version 4.0 and earlier versions
MDS-G4020 Series Firmware version 4.0 and earlier versions
MDS-G4028 Series Firmware version 4.0 and earlier versions
MDS-G4012-L3 Series Firmware version 4.0 and earlier versions
MDS-G4020-L3 Series Firmware version 4.0 and earlier versions
MDS-G4028-L3 Series Firmware version 4.0 and earlier versions

 

The Affected Products by a Weak SSL/TLS Key Exchange:

The affected products and firmware versions are listed below.

Product Series Affected Versions
EDS-G508E Series Firmware version 6.4 and earlier versions
EDS-G512E Series Firmware version 6.4 and earlier versions
EDS-G516E Series Firmware version 6.4 and earlier versions

 

Solutions:

Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below.

Product Series Solutions
EDS-G508E Series Please contact Moxa Technical Support for the security patch
EDS-G512E Series Please contact Moxa Technical Support for the security patch
EDS-G516E Series Please contact Moxa Technical Support for the security patch
MDS-G4012 Series Please contact Moxa Technical Support for the security patch
MDS-G4020 Series Please contact Moxa Technical Support for the security patch
MDS-G4028 Seires Please contact Moxa Technical Support for the security patch
MDS-G4012-L3 Series Please contact Moxa Technical Support for the security patch
MDS-G4020-L3 Series Please contact Moxa Technical Support for the security patch
MDS-G4028-L3 Series Please contact Moxa Technical Support for the security patch

 

Mitigation:

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.
  • Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First release November 4, 2024
1.1 Updated the affected products and solutions November 22, 2024
1.2 Removed CVE-2023-44487 from the advisory due to updated validation and analysis results December 3, 2024

Relevant Products

EDS-G508E Series · EDS-G512E Series · EDS-G516E Series · MDS-G4012-L3 Series · MDS-G4020-L3 Series · MDS-G4028-L3 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
You have some items waiting in your bag; click here to finish your quote!
Feedback