As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

VPort Series Improper Input Validation Vulnerability

Successful exploitation of the improper input validation control could allow a remote attacker to cause the RTSP service to crash.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Multiple Format String (CVE-2022-38157) Successful exploitation of the multiple format string vulnerabilities in Moxa’s VPort IP Camera series can crash the RTSP service.
2 Multiple Buffer Overflows (CVE-2022-31858) Successful exploitation of the multiple buffer overflow vulnerabilities in Moxa’s VPort IP Camera series can crash the RTSP service.
3 NULL Pointer Dereference Vulnerability (CVE-2022-38159) Successful exploitation of the NULL pointer dereference vulnerability in Moxa’s VPort IP Camera series can crash the RTSP service.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
VPort P16-1MP-M12 Firmware Version v1.3 or lower.
VPort P16-1MP-M12-IR Firmware Version v1.4 or lower.
VPort P06-1MP-M12 Firmware Version v2.6 or lower.

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
VPort P16-1MP-M12 Please contact Moxa Technical Support for the security patch.
VPort P16-1MP-M12-IR Please contact Moxa Technical Support for the security patch.
VPort P06-1MP-M12 Please contact Moxa Technical Support for the security patch.

 

Acknowledgment:

We would like to express our appreciation to Cheng-Yen Chung from the National Taiwan University of Science and Technology Connectivity Laboratory for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Nov 11, 2022
  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
Feedback