CVE-2020-28144: Buffer Overflow
First published: Wed Feb 03 2021(Updated: )
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Edr-g903 Firmware | <=5.5 | |
| Moxa EDR-G903 | ||
| Moxa Edr-g903-t Firmware | <=5.5 | |
| Moxa Edr-g903-t | ||
| Moxa Edr-g902 Firmware | <=5.5 | |
| Moxa Edr-g902 | ||
| Moxa Edr-g902-t Firmware | <=5.5 | |
| Moxa Edr-g902-t | ||
| Moxa Edr-810-2gsfp Firmware | <=5.6 | |
| Moxa Edr-810-2gsfp | ||
| Moxa Edr-810-2gsfp-t Firmware | <=5.6 | |
| Moxa Edr-810-2gsfp-t | ||
| Moxa Edr-810-vpn-2gsfp Firmware | <=5.6 | |
| Moxa Edr-810-vpn-2gsfp | ||
| Moxa Edr-810-vpn-2gsfp-t Firmware | <=5.6 | |
| Moxa Edr-810-vpn-2gsfp-t |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-28144?
CVE-2020-28144 is a vulnerability that affects certain Moxa Inc products running EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower.
What is the severity of CVE-2020-28144?
CVE-2020-28144 has a severity rating of 9.8 (critical).
How can CVE-2020-28144 be exploited?
CVE-2020-28144 can be exploited by sending crafted requests to the affected device, allowing remote arbitrary code execution.
Which Moxa Inc products are affected by CVE-2020-28144?
Moxa EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower are affected by CVE-2020-28144.
How can I fix CVE-2020-28144?
To fix CVE-2020-28144, update the firmware of the affected Moxa Inc products to a version higher than the vulnerable versions listed (5.5 for EDR-G903 and EDR-G902, 5.6 for EDR-810).
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/moxa
- canonical/moxa edr-g903 firmware
- version/moxa edr-g903 firmware/5.5
- canonical/moxa edr-g903
- canonical/moxa edr-g903-t firmware
- version/moxa edr-g903-t firmware/5.5
- canonical/moxa edr-g903-t
- canonical/moxa edr-g902 firmware
- version/moxa edr-g902 firmware/5.5
- canonical/moxa edr-g902
- canonical/moxa edr-g902-t firmware
- version/moxa edr-g902-t firmware/5.5
- canonical/moxa edr-g902-t
- canonical/moxa edr-810-2gsfp firmware
- version/moxa edr-810-2gsfp firmware/5.6
- canonical/moxa edr-810-2gsfp
- canonical/moxa edr-810-2gsfp-t firmware
- version/moxa edr-810-2gsfp-t firmware/5.6
- canonical/moxa edr-810-2gsfp-t
- canonical/moxa edr-810-vpn-2gsfp firmware
- version/moxa edr-810-vpn-2gsfp firmware/5.6
- canonical/moxa edr-810-vpn-2gsfp
- canonical/moxa edr-810-vpn-2gsfp-t firmware
- version/moxa edr-810-vpn-2gsfp-t firmware/5.6
- canonical/moxa edr-810-vpn-2gsfp-t