Moxa EDR-G902 Series and EDR-G903 Series Secure Routers Vulnerabilities
Severity: Low Risk · Published: Jul 16, 2020
Summary
A stack buffer overflow vulnerability (CVE-2020-14511, CWE-121) exists in the web server of Moxa EDR-G902 and EDR-G903 Series Secure Routers. A malicious web browser cookie could trigger the overflow in the system web server. Moxa has developed solutions to address this vulnerability.
What this means
What could happen
A stack buffer overflow in the web server could allow an attacker to execute arbitrary code on the router, potentially disrupting network connectivity to field devices and control systems that depend on this router for communication.
Who's at risk
This affects water utilities, electric utilities, and other critical infrastructure operators running Moxa EDR-G902 or EDR-G903 secure routers as network gateways. These routers typically provide remote site connectivity for SCADA systems, RTUs, and other field-based control equipment.
How it could be exploited
An attacker must craft a malicious web browser cookie and send it in a request to the router's web interface. Because the web server does not validate the cookie's length before copying it into a fixed-size stack buffer, oversized cookie data overflows that buffer, letting the attacker overwrite adjacent stack memory and potentially execute code of their choosing on the device.
Prerequisites
- Network access to the router's web interface (typically port 80/443)
- Ability to set a malicious cookie in a request to the router web server
- No authentication required for the vulnerable code path
Tags: remotely exploitable · no authentication required · low complexity · affects network infrastructure device · no patch available for EDR-G902
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
EDR-G902 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable remote web access to the router if it is not required for operations; use only local console management or SSH with key-based authentication.
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption.
HOTFIX: Contact Moxa technical support for available patches or firmware updates that address CVE-2020-14511.
Mitigations - no patch available
EDR-G902 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to restrict access to the router's web interface to only authorized engineering workstations and management systems.
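The two conditions described above (an oversized cookie arriving at the web interface, and traffic reaching that interface from outside the authorized management segment) can both be checked from request logs or a network tap in front of the router. The following script is an added illustration of that detection logic; it is not part of the advisory and not Moxa's code. The request record format, the 512-byte cookie threshold, and the 10.10.5.0/24 management subnet are assumptions chosen for the example, and all sample traffic is constructed.

```python
"""Detection checks for requests to an EDR-G902/G903 web interface.

Added example, not Moxa's code. Two checks drawn from the advisory:
  1. Cookie header length far above what a router UI legitimately sends
     (the CVE-2020-14511 trigger is an oversized cookie).
  2. Source address outside the authorized management subnet
     (the network-segmentation control for the EOL EDR-G902).
The threshold and subnet below are assumptions; tune them to the site.
"""
import ipaddress
from dataclasses import dataclass

MAX_COOKIE_LEN = 512                                  # assumption: legitimate UI cookies are far shorter
MGMT_SUBNET = ipaddress.ip_network("10.10.5.0/24")    # assumption: engineering workstation VLAN


@dataclass
class Request:
    """One HTTP request as seen at a tap or in a proxy/log export."""
    src_ip: str
    path: str
    headers: dict  # header name (any case) -> value


def cookie_length(headers):
    """Total length of all Cookie headers, matched case-insensitively; 0 if none."""
    return sum(len(v) for k, v in headers.items() if k.lower() == "cookie")


def check_request(req, max_cookie=MAX_COOKIE_LEN, mgmt=MGMT_SUBNET):
    """Return a list of finding strings for one request (empty list means clean)."""
    findings = []
    n = cookie_length(req.headers)
    if n > max_cookie:
        findings.append(f"oversized_cookie:{n}")
    if ipaddress.ip_address(req.src_ip) not in mgmt:
        findings.append(f"unauthorized_source:{req.src_ip}")
    return findings


def scan(requests):
    """Map the index of each offending request to its findings."""
    result = {}
    for i, r in enumerate(requests):
        f = check_request(r)
        if f:
            result[i] = f
    return result


# Constructed sample traffic (not captured data).
SAMPLE = [
    Request("10.10.5.20", "/", {"Cookie": "session=abc123"}),          # clean
    Request("10.10.5.21", "/login", {"cookie": "A" * 4096}),             # oversized cookie
    Request("192.168.77.9", "/", {"Cookie": "session=abc123"}),         # wrong segment
    Request("192.168.77.9", "/", {"Cookie": "B" * 2000, "User-Agent": "x"}),  # both
]

if __name__ == "__main__":
    for idx, f in scan(SAMPLE).items():
        r = SAMPLE[idx]
        print(f"ALERT req#{idx} {r.src_ip} {r.path}: {', '.join(f)}")
```

The segmentation check is the one that matters most for the EOL EDR-G902: even a well-formed request from outside the management subnet is a finding, because the HARDENING control above says no such traffic should reach the web interface at all.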
CVEs (1)
CVE-2020-14511