CVE-2020-14511

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 54.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Edr-g902-t Firmware Moxa Edr-g902 Firmware Moxa Edr-g903-t Firmware +1 more

Timeline

PublishedJul 15

Latest updateMay 24

Description

Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5edr-g902_and_edr-g903_series_routersVersions prior to 5.4

▶NVDmoxa/edr-g902_firmware5.4

▶NVDmoxa/edr-g903_firmware5.4

▶NVDmoxa/edr-g902-t_firmware5.4

▶NVDmoxa/edr-g903-t_firmware5.4

🔴Vulnerability Details

GHSA

GHSA-3pp4-hx37-v55w: Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Se↗2022-05-24

▶

CVEList

CVE-2020-14511: Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Se↗2020-07-15

▶