Product support

Security Advisories

SUMMARY

EDR-810 Series Security Router Vulnerabilities

  • Version: V1.0
  • Release Date: Nov 03, 2020
  • Reference:
    • BDU:2020-01269, BDU:2020-04912, BDU:2020-04914, BDU:2020-04915, BDU:2020-04916, BDU:2020-04913

Multiple product vulnerabilities were identified in Moxa’s EDR-810 Series Security Router. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Execute arbitrary command. BDU:2020-01269 A crafted request to the web server caused potential risk of executing arbitrary command.
2 Denial of service.     BDU:2020-04912 A crafted request to the web server caused potential risk of denial-of-service.
3 No response from system. BDU:2020-04914 A crafted request to the device may cause specific parts of the user interface to become unresponsive.
4 No response from system. BDU:2020-04915 A crafted request to the device may cause specific parts of the user interface to become unresponsive.
5 No response from system. BDU:2020-04916 A crafted request to the device may cause specific parts of the user interface to become unresponsive.
6 No response from system. BDU:2020-04913 A crafted request to the device may cause specific parts of the user interface to become unresponsive.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
EDR-810 Series Item 1: Firmware version 5.3 and lower.
Items 2 to 6: Firmware version 5.6 and lower.

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
EDR-810 Series Please download the new firmware here.
For vulnerability item 6, we suggest users enable the ‘Trusted Access’ feature on the EDR-810 device to mitigate the potential risk.

Acknowledgment:

We would like to express our appreciation to BDU FSTEC for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Nov 03, 2020

Relevant Products

EDR-810 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
Feedback