Moxa Moxa's Response Regarding the dnsmasq Vulnerability

Act Nowvulnerabilities-in-dnsmasq-affecting-awk-3131a-4131a-1137c-1131a-seriesJan 6, 2022

Summary

Moxa has identified that dnsmasq vulnerabilities known as "DNSpooq" affect its AWK-3131A/4131A/1137C/1131A Series devices. The vulnerabilities include two categories: buffer overflow issues (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687) that could lead to remote code execution and denial of service, and DNS response validation issues (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686) that could enable DNS cache poisoning attacks. Moxa states it has developed solutions to address these vulnerabilities.

What this means

What could happen

An attacker with network access to a Moxa AWK device could execute code on the device to alter network routing or device configurations, or poison DNS responses to redirect your network traffic to malicious destinations. This could disrupt connectivity to critical systems and enable man-in-the-middle attacks on control system communications.

Who's at risk

Industrial facilities using Moxa AWK-3131A, AWK-4131A, AWK-1137C, or AWK-1131A wireless access points and industrial routers should prioritize this. These devices are commonly deployed in utility networks, manufacturing plants, and remote sites for network connectivity. Any organization relying on these devices for critical network services is affected.

How it could be exploited

An attacker on the network can send specially crafted DNS packets or responses to the Moxa device's dnsmasq service. For buffer overflow vulnerabilities, this could trigger code execution on the device. For DNS validation issues, the attacker can inject false DNS responses that the device caches and serves to other network clients, poisoning their address resolution.

Prerequisites

Network access to the Moxa device on the port used for DNS (typically UDP port 53)
Device must be running dnsmasq for DNS resolution (likely enabled by default)

remotely exploitablehigh EPSS score (45.4%)no patch availablecould enable code executionaffects industrial network devices

Exploitability

High exploit probability (EPSS 45.4%)

Affected products (1)

ProductAffected VersionsFix Status

Moxa's Response Regarding the dnsmasq VulnerabilityAll versionsNo fix yet

Remediation & Mitigation

0/3

Do now

0/2

HOTFIXContact Moxa directly to obtain and deploy the solution they have developed for dnsmasq vulnerabilities

WORKAROUNDRestrict network access to DNS services on the Moxa device using firewall rules; limit which devices can query DNS through this device

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate Moxa devices from untrusted network segments

CVEs (7)

CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25687 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686

View full Moxa Security advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/7b7e4235-da7c-42d6-9ff1-5af5aafbc219