Vulnerability Description
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Edr-G903 Firmware | <= 5.5 |
| Moxa | Edr-G903 | - |
| Moxa | Edr-G903-T Firmware | <= 5.5 |
| Moxa | Edr-G903-T | - |
| Moxa | Edr-G902 Firmware | <= 5.5 |
| Moxa | Edr-G902 | - |
| Moxa | Edr-G902-T Firmware | <= 5.5 |
| Moxa | Edr-G902-T | - |
| Moxa | Edr-810-2Gsfp Firmware | <= 5.6 |
| Moxa | Edr-810-2Gsfp | - |
| Moxa | Edr-810-2Gsfp-T Firmware | <= 5.6 |
| Moxa | Edr-810-2Gsfp-T | - |
| Moxa | Edr-810-Vpn-2Gsfp Firmware | <= 5.6 |
| Moxa | Edr-810-Vpn-2Gsfp | - |
| Moxa | Edr-810-Vpn-2Gsfp-T Firmware | <= 5.6 |
| Moxa | Edr-810-Vpn-2Gsfp-T | - |
Related Weaknesses (CWE)
References
- https://www.moxa.com/en/support/support/security-advisory/edr-g903-g902-810-secuVendor Advisory
- https://www.moxa.com/en/support/support/security-advisory/edr-g903-g902-810-secuVendor Advisory
FAQ
What is CVE-2020-28144?
CVE-2020-28144 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firm...
How severe is CVE-2020-28144?
CVE-2020-28144 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-28144?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Edr-G903 Firmware, Moxa Edr-G903, Moxa Edr-G903-T Firmware, Moxa Edr-G903-T, Moxa Edr-G902 Firmware.