CVE-2023-4452

Published: Nov 1, 2023Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.

Affected (8)

Products: Moxa: Edr G903 Firmware, Edr G903 T Firmware, Edr G902 Firmware, Edr G902 T Firmware, Edr 810 Vpn 2gsfp Firmware, Edr 810 Vpn 2gsfp T Firmware, Edr 810 2gsfp Firmware, Edr 810 2gsfp T Firmware

8 products

Edr 810 Vpn 2gsfp Firmware

Edr 810 Vpn 2gsfp T Firmware

Edr 810 2gsfp Firmware

Edr 810 2gsfp T Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr G903 Firmware	Before 5.7.21

Running on/with	Platform Versions
Moxa Edr G903	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr G903 T Firmware	Before 5.7.21

Running on/with	Platform Versions
Moxa Edr G903 T	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr G902 Firmware	Before 5.7.21

Running on/with	Platform Versions
Moxa Edr G902	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr G902 T Firmware	Before 5.7.21

Running on/with	Platform Versions
Moxa Edr G902 T	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr 810 Vpn 2gsfp Firmware	Before 5.12.29

Running on/with	Platform Versions
Moxa Edr 810 Vpn 2gsfp	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr 810 Vpn 2gsfp T Firmware	Before 5.12.29

Running on/with	Platform Versions
Moxa Edr 810 Vpn 2gsfp T	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr 810 2gsfp Firmware	Before 5.12.29

Running on/with	Platform Versions
Moxa Edr 810 2gsfp	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Edr 810 2gsfp T Firmware	Before 5.12.29

Running on/with	Platform Versions
Moxa Edr 810 2gsfp T	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-234880-edr-810-g902-g903-series-web-server-buffer-overflow-vulnerability

Source: psirt@moxa.com

Vendor Advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-234880-edr-810-g902-g903-series-web-server-buffer-overflow-vulnerability

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.