CVE-2020-28144

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.8CRITICAL

EPSS

2.8%

top 13.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Edr-810-2gsfp-t Firmware Moxa Edr-810-2gsfp Firmware Moxa Edr-810-vpn-2gsfp-t Firmware +5 more

Timeline

PublishedFeb 3

Latest updateMay 24

Description

Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDmoxa/edr-g902_firmware5.5

▶NVDmoxa/edr-g903_firmware5.5

▶NVDmoxa/edr-g902-t_firmware5.5

▶NVDmoxa/edr-g903-t_firmware5.5

▶NVDmoxa/edr-810-2gsfp_firmware5.6

🔴Vulnerability Details

GHSA

GHSA-hvcx-w6jp-qm72: Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5↗2022-05-24

▶

CVEList

CVE-2020-28144: Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5↗2021-02-03

▶