Affected Products:
The affected products and firmware versions are shown below.
| Product Series |
Affected Versions |
| EDR-810 Series |
Firmware version v5.12.28 and prior versions |
| EDR G902 Series |
Firmware version v5.7.20 and prior versions |
| EDR G903 Series |
Firmware version v5.7.20 and prior versions |
Solutions:
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
Mitigation
-
Minimize network exposure to ensure the device is not accessible from the Internet.
-
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).
-
The starting point of all the above vulnerabilities is from the web service, so it is suggested to disable web service temporarily if you have completed the configuration to prevent further damages from these vulnerabilities until installing the patch or updating the firmware.
Products That Are Not Vulnerable:
Only the products listed in the Affected Products section of this advisory are known to be affected by this vulnerability. Moxa has confirmed that this vulnerability does not affect the following products:
-
EDR-8010 Series, EDR-G9010 Series
-
NAT-102 Series
-
TN-5500A Series, TN-4500A Series, TN-G4500 Series, TN-G6500 Series
-
TN-4900 Series, TN-5900 Series, TN-5900-ETBN Series
-
AWK-3131A Series, AWK-3131A-RCC Series, AWK-3131A-RTG Series
-
TAP-213 Series, TAP-323 Series
-
WAC-1001 Series, WAC-2004A Series
-
VPort 06-2 Series, VPort 06EC-2V Series, VPort 461A Series, VPort 464 Series, VPort P06-1MP-M12 Series, VPort P06HC-1V Series, VPort P16-1MP-M12 Series, VPort P16-1MP-M12-IR Series, VPort P16-2MR Series
Acknowledgment:
We would like to express our appreciation to Zhiyuan Chen for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
Revision History:
| VERSION |
DESCRIPTION |
RELEASE DATE |
| 1.0 |
First Release |
Nov 1, 2023 |