OTPulse

Moxa EDR-810/G902/G903 Series Web Server Buffer Overflow Vulnerability

Monitor · CVSS 6.5 · MPSA-234880 · Nov 1, 2023
Summary

A buffer overflow vulnerability exists in the web server of the EDR-810, EDR-G902, and EDR-G903 Series routers due to insufficient input validation on HTTP URI parameters (CVE-2023-4452, CWE-120). An unauthenticated attacker can send a malformed HTTP request that causes the device to reboot, resulting in denial of service. CVSS v3.1 score is 6.5 (Network, Low Complexity, No Privileges, No User Interaction required).

What this means
What could happen
An attacker can remotely reboot the router without authentication, causing temporary loss of network connectivity and potential disruption to any connected industrial processes or monitoring systems.
Who's at risk
Moxa EDR-810 and EDR-G902/G903 Series industrial routers are used in water and power facilities to provide Ethernet connectivity and routing between remote substations, RTUs, and control centers. Any facility relying on these routers for SCADA connectivity is affected.
How it could be exploited
An attacker sends a specially crafted HTTP request with an oversized or malformed URI to the web server running on the router. The web server does not validate the input size, causing a buffer overflow that crashes the service and reboots the device.
Prerequisites
  • Network access to the web server on port 80 or 443
  • Device must be reachable from the attacker's network segment
remotely exploitable · no authentication required · low complexity · no patch available · affects network availability
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
EDR-810/G902/G903 | All versions | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict access to the web management interface (ports 80/443) to authorized engineering workstations only
HARDENING: Disable remote web management if not required; use only local management console or serial access
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Monitor the vendor (Moxa) website for firmware updates; apply any available patches to affected routers
Long-term hardening
HARDENING: Network-isolate EDR-810/G902/G903 routers to administrative subnets if possible
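The allow-list workaround above and the malformed-URI condition described under "How it could be exploited" can both be checked from the defender's side by reviewing HTTP observations of the router's management ports. The script below is an added example and is not OTPulse's or Moxa's code; the log format, the router address 10.20.0.1, the engineering subnet 10.20.5.0/24 and the 1024-byte URI threshold are all constructed assumptions to be replaced with site values.

```python
"""
Defender-side triage for the Moxa EDR web-server advisory (added example).
Two checks over HTTP observations of the router's management interface:
  1. access control: any request to the router's web server (ports 80/443)
     from a source outside the engineering-workstation allow-list, i.e. a
     request the recommended firewall rules should have blocked
  2. anomalous URIs: oversized or non-printable URIs of the kind the advisory
     attributes to the crash, which the router's web server should never see
All addresses, the log format and the threshold are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ROUTER_MGMT_IP = "10.20.0.1"                       # assumed router address
MGMT_PORTS = {80, 443}                             # ports named in the advisory
ENGINEERING_ALLOWLIST = [ip_network("10.20.5.0/24")]   # assumed engineering subnet
MAX_URI_LEN = 1024   # assumed threshold; tune to the device's legitimate URIs


@dataclass
class Finding:
    ts: str
    src: str
    reason: str


def is_allowed_source(src: str) -> bool:
    """True if the source address belongs to an allow-listed subnet."""
    addr = ip_address(src)
    return any(addr in net for net in ENGINEERING_ALLOWLIST)


def uri_is_suspicious(uri: str) -> Optional[str]:
    """Return a reason string for an oversized or non-printable URI, else None."""
    if len(uri) > MAX_URI_LEN:
        return f"oversized URI ({len(uri)} bytes)"
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in uri):
        return "non-printable bytes in URI"
    return None


def parse_line(line: str) -> Optional[Tuple[str, str, str, int, str, str]]:
    """Parse the constructed format: ts src_ip dst_ip dst_port method uri."""
    parts = line.split(maxsplit=5)
    if len(parts) != 6:
        return None
    ts, src, dst, port, method, uri = parts
    return ts, src, dst, int(port), method, uri


def triage(lines: List[str]) -> List[Finding]:
    """Apply both checks to every record aimed at the router's management ports."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port, _method, uri = rec
        if dst != ROUTER_MGMT_IP or port not in MGMT_PORTS:
            continue                       # not management-plane traffic to this router
        if not is_allowed_source(src):
            findings.append(Finding(ts, src, "management access from outside allow-list"))
        why = uri_is_suspicious(uri)
        if why:
            findings.append(Finding(ts, src, why))
    return findings


# Constructed sample observations (not real traffic)
SAMPLE_LOG = [
    "2023-11-01T10:00:01Z 10.20.5.12 10.20.0.1 443 GET /index.htm",          # normal
    "2023-11-01T10:00:05Z 10.20.5.12 10.20.0.1 80 GET /" + "A" * 3000,        # oversized URI
    "2023-11-01T10:01:00Z 192.168.77.9 10.20.0.1 80 GET /index.htm",          # outside allow-list
    "2023-11-01T10:01:30Z 10.20.5.12 10.40.0.9 443 GET /status",              # not the router
    "2023-11-01T10:02:00Z 172.16.9.4 10.20.0.1 443 GET /\x01\x02",            # both conditions
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.ts} {f.src}: {f.reason}")
```

Feed it the HTTP fields from whatever sensor sees the management VLAN (an IDS export or proxy log mapped to the six-field format); every allow-list finding is a direct test of whether the firewall workaround is actually in place, and URI findings are worth correlating with unexplained router reboots.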