CVE-2020-6989
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.
Affected (55)
Products: Moxa: Pt 7528 24tx Hv Firmware, Pt 7528 24tx Hv Hv Firmware, Pt 7528 24tx Wv Firmware, Pt 7528 24tx Wv Hv Firmware, Pt 7528 24tx Wv Wv Firmware, Pt 7528 12msc 12tx 4gsfp Hv Firmware, Pt 7528 12msc 12tx 4gsfp Hv Hv Firmware, Pt 7528 12msc 12tx 4gsfp Wv Firmware, Pt 7528 12msc 12tx 4gsfp Wv Wv Firmware, Pt 7528 12mst 12tx 4gsfp Hv Firmware, Pt 7528 12mst 12tx 4gsfp Hv Hv Firmware, Pt 7528 12mst 12tx 4gsfp Wv Firmware, Pt 7528 12mst 12tx 4gsfp Wv Wv Firmware, Pt 7528 16msc 8tx 4gsfp Hv Firmware, Pt 7528 16msc 8tx 4gsfp Hv Hv Firmware, Pt 7528 16msc 8tx 4gsfp Wv Firmware, Pt 7528 16msc 8tx 4gsfp Wv Wv Firmware, Pt 7528 16mst 8tx 4gsfp Hv Firmware, Pt 7528 16mst 8tx 4gsfp Hv Hv Firmware, Pt 7528 16mst 8tx 4gsfp Wv Firmware, Pt 7528 16mst 8tx 4gsfp Wv Wv Firmware, Pt 7528 20msc 4tx 4gsfp Hv Firmware, Pt 7528 20msc 4tx 4gsfp Hv Hv Firmware, Pt 7528 20msc 4tx 4gsfp Wv Firmware, Pt 7528 20msc 4tx 4gsfp Wv Wv Firmware, Pt 7528 20mst 4tx 4gsfp Hv Firmware, Pt 7528 20mst 4tx 4gsfp Hv Hv Firmware, Pt 7528 20mst 4tx 4gsfp Wv Firmware, Pt 7528 20mst 4tx 4gsfp Wv Wv Firmware, Pt 7528 8msc 16tx 4gsfp Hv Firmware, Pt 7528 8msc 16tx 4gsfp Hv Hv Firmware, Pt 7528 8msc 16tx 4gsfp Wv Firmware, Pt 7528 8msc 16tx 4gsfp Wv Wv Firmware, Pt 7528 8mst 16tx 4gsfp Hv Firmware, Pt 7528 8mst 16tx 4gsfp Hv Hv Firmware, Pt 7528 8mst 16tx 4gsfp Wv Firmware, Pt 7528 8mst 16tx 4gsfp Wv Wv Firmware, Pt 7528 8ssc 16tx 4gsfp Hv Hv Firmware, Pt 7528 8ssc 16tx 4gsfp Wv Wv Firmware, Pt 7828 F 24 Firmware, Pt 7828 F 24 24 Firmware, Pt 7828 F 24 Hv Firmware, Pt 7828 F 48 Firmware, Pt 7828 F 48 48 Firmware, Pt 7828 F 48 Hv Firmware, Pt 7828 F Hv Firmware, Pt 7828 F Hv Hv Firmware, Pt 7828 R 24 Firmware, Pt 7828 R 24 24 Firmware, Pt 7828 R 24 Hv Firmware, Pt 7828 R 48 Firmware, Pt 7828 R 48 48 Firmware, Pt 7828 R 48 Hv Firmware, Pt 7828 R Hv Firmware, Pt 7828 R Hv Hv Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 24tx Hv | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 24tx Hv Hv | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 24tx Wv | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 24tx Wv Hv | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 24tx Wv Wv | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 12msc 12tx 4gsfp Hv | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 12msc 12tx 4gsfp Hv Hv | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 12msc 12tx 4gsfp Wv | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 12msc 12tx 4gsfp Wv Wv | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 12mst 12tx 4gsfp Hv | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 12mst 12tx 4gsfp Hv Hv | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 12mst 12tx 4gsfp Wv | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 12mst 12tx 4gsfp Wv Wv | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 16msc 8tx 4gsfp Hv | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 16msc 8tx 4gsfp Hv Hv | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 16msc 8tx 4gsfp Wv | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 16msc 8tx 4gsfp Wv Wv | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 16mst 8tx 4gsfp Hv | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 16mst 8tx 4gsfp Hv Hv | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 16mst 8tx 4gsfp Wv | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 16mst 8tx 4gsfp Wv Wv | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 20msc 4tx 4gsfp Hv | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 20msc 4tx 4gsfp Hv Hv | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 20msc 4tx 4gsfp Wv | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 20msc 4tx 4gsfp Wv Wv | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 20mst 4tx 4gsfp Hv | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 20mst 4tx 4gsfp Hv Hv | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 20mst 4tx 4gsfp Wv | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 20mst 4tx 4gsfp Wv Wv | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8msc 16tx 4gsfp Hv | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8msc 16tx 4gsfp Hv Hv | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8msc 16tx 4gsfp Wv | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8msc 16tx 4gsfp Wv Wv | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8mst 16tx 4gsfp Hv | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8mst 16tx 4gsfp Hv Hv | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8mst 16tx 4gsfp Wv | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8mst 16tx 4gsfp Wv Wv | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8ssc 16tx 4gsfp Hv Hv | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 4.0 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7528 8ssc 16tx 4gsfp Wv Wv | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 F 24 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 F 24 24 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 F 24 Hv | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 F 48 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 F 48 48 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 F 48 Hv | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 F Hv | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 F Hv Hv | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 R 24 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 R 24 24 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 R 24 Hv | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 R 48 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 R 48 48 | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 R 48 Hv | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 R Hv | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.9 |
| Running on/with | Platform Versions |
|---|---|
Moxa Pt 7828 R Hv Hv | All versions |
Related CWEs
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (2)
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.