CVE-2020-28144

Published: Feb 3, 2021Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.

Affected (8)

Products: Moxa: Edr G903 Firmware, Edr G903 T Firmware, Edr G902 Firmware, Edr G902 T Firmware, Edr 810 2gsfp Firmware, Edr 810 2gsfp T Firmware, Edr 810 Vpn 2gsfp Firmware, Edr 810 Vpn 2gsfp T Firmware

8 products

Edr 810 2gsfp Firmware

Edr 810 2gsfp T Firmware

Edr 810 Vpn 2gsfp Firmware

Edr 810 Vpn 2gsfp T Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr G903 Firmware	Up to 5.5

Running on/with	Platform Versions
Moxa Edr G903	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr G903 T Firmware	Up to 5.5

Running on/with	Platform Versions
Moxa Edr G903 T	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr G902 Firmware	Up to 5.5

Running on/with	Platform Versions
Moxa Edr G902	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr G902 T Firmware	Up to 5.5

Running on/with	Platform Versions
Moxa Edr G902 T	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr 810 2gsfp Firmware	Up to 5.6

Running on/with	Platform Versions
Moxa Edr 810 2gsfp	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr 810 2gsfp T Firmware	Up to 5.6

Running on/with	Platform Versions
Moxa Edr 810 2gsfp T	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr 810 Vpn 2gsfp Firmware	Up to 5.6

Running on/with	Platform Versions
Moxa Edr 810 Vpn 2gsfp	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr 810 Vpn 2gsfp T Firmware	Up to 5.6

Running on/with	Platform Versions
Moxa Edr 810 Vpn 2gsfp T	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://www.moxa.com/en/support/support/security-advisory/edr-g903-g902-810-secure-router-vulnerability

Source: cve@mitre.org

Vendor Advisory

https://www.moxa.com/en/support/support/security-advisory/edr-g903-g902-810-secure-router-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.