CVE-2023-4452: Web Server Buffer Overflow Vulnerability
First published: Wed Nov 01 2023(Updated: )
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.
Credit: psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Moxa Edr-g903 Firmware | <5.7.21 | |
| Moxa EDR-G903 | ||
| All of | ||
| Moxa Edr-g903-t Firmware | <5.7.21 | |
| Moxa Edr-g903-t | ||
| All of | ||
| Moxa Edr-g902 Firmware | <5.7.21 | |
| Moxa Edr-g902 | ||
| All of | ||
| Moxa Edr-g902-t Firmware | <5.7.21 | |
| Moxa Edr-g902-t | ||
| All of | ||
| Moxa Edr-810-vpn-2gsfp Firmware | <5.12.29 | |
| Moxa Edr-810-vpn-2gsfp | ||
| All of | ||
| Moxa Edr-810-vpn-2gsfp-t Firmware | <5.12.29 | |
| Moxa Edr-810-vpn-2gsfp-t | ||
| All of | ||
| Moxa Edr-810-2gsfp Firmware | <5.12.29 | |
| Moxa Edr-810-2gsfp | ||
| All of | ||
| Moxa Edr-810-2gsfp-t Firmware | <5.12.29 | |
| Moxa Edr-810-2gsfp-t |
Remedy
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below. * EDR-810 Series: Please upgrade to firmware v5.12.29 or later * EDR-G902 Series: Please upgrade to firmware v5.7.21 or later * EDR-G903 Series: Please upgrade to firmware v5.7.21 or later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-4452.
What is the severity of CVE-2023-4452?
The severity of CVE-2023-4452 is high with a severity value of 7.5.
Which software versions are affected by CVE-2023-4452?
The EDR-810, EDR-G902, and EDR-G903 Series with firmware versions up to exclusive 5.7.21 are affected by CVE-2023-4452.
How does CVE-2023-4452 affect the affected devices?
CVE-2023-4452 allows malicious users to trigger a denial-of-service vulnerability in the affected devices by exploiting insufficient input validation in the URI, potentially causing the devices to reboot.
How can I fix CVE-2023-4452?
To fix CVE-2023-4452, it is recommended to update the firmware of the affected devices to a version that is not vulnerable.
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/remedy
- agent/title
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/moxa
- canonical/moxa edr-g903 firmware
- canonical/moxa edr-g903
- canonical/moxa edr-g903-t firmware
- canonical/moxa edr-g903-t
- canonical/moxa edr-g902 firmware
- canonical/moxa edr-g902
- canonical/moxa edr-g902-t firmware
- canonical/moxa edr-g902-t
- canonical/moxa edr-810-vpn-2gsfp firmware
- canonical/moxa edr-810-vpn-2gsfp
- canonical/moxa edr-810-vpn-2gsfp-t firmware
- canonical/moxa edr-810-vpn-2gsfp-t
- canonical/moxa edr-810-2gsfp firmware
- canonical/moxa edr-810-2gsfp
- canonical/moxa edr-810-2gsfp-t firmware
- canonical/moxa edr-810-2gsfp-t