Product support

Security Advisories

SUMMARY

Moxa's Response Regarding the dnsmasq Vulnerability

  • Version: V1.0
  • Release Date: Jan 06, 2022
  • Reference:
    • CISA, ICS Advisory(ICSA-21-019-01)
    • CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687
    • JSOF, DNSpooq

Moxa has studied a report by JSOF research labs that disclosed a set of vulnerabilities (known as ‘DNSpooq’) in dnsmasq. There are two types of DNSpooq vulnerabilities: buffer overflow and DNS response validation issues. Buffer overflow (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683 and CVE-2020-25687) might lead to remote code execution and DoS attacks; and DNS response validation issues (CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686) are vulnerable to DNS cache poisoning.

Moxa has investigated the vulnerabilities and has determined that the vulnerabilities affect AWK-3131A/4131A/1137C/1131A Series. In response to this, Moxa has developed related solutions to address these vulnerabilities.
 

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
AWK-3131A/4131A Series Firmware version 1.16 or lower.
AWK-1137C Series Firmware version 1.6 or lower.
AWK-1131A Series Firmware version 1.22 or lower.

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
AWK-3131A Series Please upgrade to firmware version 1.17 or higher. (Download Link)
AWK-4131A Series Please upgrade to firmware version 1.17 or higher. (Download Link)
AWK-1137C Series Please upgrade to firmware version 1.7 or higher. (Download Link)
AWK-1131A Series Please upgrade to firmware version 1.23 or higher. (Download Link)

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Jan 6, 2022

Relevant Products

AWK-1131A Series · AWK-1137C Series · AWK-3131A Series · AWK-4131A Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
Feedback