CVE-2020-28144
published 2021-02-03CVE-2020-28144: Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moxa | edr-810-2gsfp-t_firmware | <= 5.6 | — |
| moxa | edr-810-2gsfp_firmware | <= 5.6 | — |
| moxa | edr-810-vpn-2gsfp-t_firmware | <= 5.6 | — |
| moxa | edr-810-vpn-2gsfp_firmware | <= 5.6 | — |
| moxa | edr-g902-t_firmware | <= 5.5 | — |
| moxa | edr-g902_firmware | <= 5.5 | — |
| moxa | edr-g903-t_firmware | <= 5.5 | — |
| moxa | edr-g903_firmware | <= 5.5 | — |