CVE-2023-4452

A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-234880-edr-810-g902-g903-series-web-server-buffer-overflow-vulnerability	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:moxa:edr-g903_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:moxa:edr-g903-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:edr-g903-t:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:moxa:edr-g902_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:moxa:edr-g902-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:edr-g902-t:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:moxa:edr-810-vpn-2gsfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:edr-810-vpn-2gsfp:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:moxa:edr-810-vpn-2gsfp-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:edr-810-vpn-2gsfp-t:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:moxa:edr-810-2gsfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:edr-810-2gsfp:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:moxa:edr-810-2gsfp-t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:edr-810-2gsfp-t:-:*:*:*:*:*:*:*

History

09 Nov 2023, 16:46

Type	Values Removed	Values Added
References	~~(MISC) https://www.moxa.com/en/support/product-support/security-advisory/mpsa-234880-edr-810-g902-g903-series-web-server-buffer-overflow-vulnerability -~~	(MISC) https://www.moxa.com/en/support/product-support/security-advisory/mpsa-234880-edr-810-g902-g903-series-web-server-buffer-overflow-vulnerability - Vendor Advisory
CPE		cpe:2.3:h:moxa:edr-810-2gsfp-t:-:::::::* cpe:2.3:h:moxa:edr-810-vpn-2gsfp:-:::::::* cpe:2.3:o:moxa:edr-g903-t_firmware:::::::: cpe:2.3:o:moxa:edr-810-2gsfp_firmware:::::::: cpe:2.3:h:moxa:edr-810-vpn-2gsfp-t:-:::::::* cpe:2.3:h:moxa:edr-g902-t:-:::::::* cpe:2.3:h:moxa:edr-g903-t:-:::::::* cpe:2.3:o:moxa:edr-g902-t_firmware:::::::: cpe:2.3:h:moxa:edr-810-2gsfp:-:::::::* cpe:2.3:o:moxa:edr-810-vpn-2gsfp_firmware:::::::: cpe:2.3:h:moxa:edr-g902:-:::::::* cpe:2.3:o:moxa:edr-810-2gsfp-t_firmware:::::::: cpe:2.3:o:moxa:edr-g903_firmware:::::::: cpe:2.3:o:moxa:edr-810-vpn-2gsfp-t_firmware:::::::: cpe:2.3:o:moxa:edr-g902_firmware:::::::: cpe:2.3:h:moxa:edr-g903:-:::::::*
CWE		CWE-120
First Time		Moxa edr-g903-t Moxa edr-810-vpn-2gsfp-t Moxa edr-810-vpn-2gsfp-t Firmware Moxa edr-810-2gsfp Moxa edr-g903 Firmware Moxa edr-g902-t Moxa edr-g902 Moxa edr-810-2gsfp-t Moxa edr-g903 Moxa edr-810-2gsfp-t Firmware Moxa edr-810-vpn-2gsfp Moxa Moxa edr-g902-t Firmware Moxa edr-810-2gsfp Firmware Moxa edr-g902 Firmware Moxa edr-810-vpn-2gsfp Firmware Moxa edr-g903-t Firmware
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

01 Nov 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-01 15:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-4452

Mitre link : CVE-2023-4452

CVE.ORG link : CVE-2023-4452

JSON object : View

Products Affected

moxa

edr-810-vpn-2gsfp-t
edr-810-2gsfp
edr-g902_firmware
edr-g903
edr-810-2gsfp-t_firmware
edr-g903-t
edr-810-2gsfp-t
edr-810-vpn-2gsfp_firmware
edr-810-vpn-2gsfp
edr-g902
edr-g903_firmware
edr-g902-t_firmware
edr-g903-t_firmware
edr-g902-t
edr-810-vpn-2gsfp-t_firmware
edr-810-2gsfp_firmware

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

7.5 /10