MEDIUM · 6.5

CVE-2024-0387

Vulnerability Description

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests.

CVSS Score

6.5 (MEDIUM)

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: LOW

Affected Products

Vendor | Product | Versions
Moxa | Eds-4008 Firmware | <= 3.2
Moxa | Eds-4008 | -
Moxa | Eds-4009 Firmware | <= 3.2
Moxa | Eds-4009 | -
Moxa | Eds-4012 Firmware | <= 3.2
Moxa | Eds-4012 | -
Moxa | Eds-4014 Firmware | <= 3.2
Moxa | Eds-4014 | -
Moxa | Eds-G4008 Firmware | <= 3.2
Moxa | Eds-G4008 | -
Moxa | Eds-G4012 Firmware | <= 3.2
Moxa | Eds-G4012 | -
Moxa | Eds-G4014 Firmware | <= 3.2
Moxa | Eds-G4014 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2024-0387?

CVE-2024-0387 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the ta...

How severe is CVE-2024-0387?

CVE-2024-0387 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2024-0387?

Check the references section above for vendor advisories and patch information. Affected products include: Moxa Eds-4008 Firmware, Moxa Eds-4008, Moxa Eds-4009 Firmware, Moxa Eds-4009, Moxa Eds-4012 Firmware.