← Back

Edr G903 Firmware

edr-g903_firmware

Vendor: Moxa • 10 CVEs

CVEs (10)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-4452
1Moxa
8Edr 810 2gsfp T Firmware
Edr 810 2gsfp FirmwareEdr 810 Vpn 2gsfp T Firmware+5 more
Jun 17, 2026
Nov 1, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, p...Show more
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot. Show less
CVE-2020-28144
1Moxa
8Edr 810 2gsfp T Firmware
Edr 810 2gsfp FirmwareEdr 810 Vpn 2gsfp T Firmware+5 more
Jun 17, 2026
Feb 3, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or...Show more
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.Show less
CVE-2020-14511
1Moxa
4Edr G902 T Firmware
Edr G902 FirmwareEdr G903 T Firmware+1 more
Jun 17, 2026
Jul 15, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
CVE-2016-0879
1Moxa
1Edr G903 Firmware
May 6, 2026
May 31, 2016
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting thes...Show more
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.Show less
CVE-2016-0878
1Moxa
1Edr G903 Firmware
May 6, 2026
May 31, 2016
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.
CVE-2016-0877
1Moxa
1Edr G903 Firmware
May 6, 2026
May 31, 2016
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
CVE-2016-0876
1Moxa
1Edr G903 Firmware
May 6, 2026
May 31, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
CVE-2016-0875
1Moxa
1Edr G903 Firmware
May 6, 2026
May 31, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.
CVE-2012-4712
1Moxa
1Edr G903 Firmware
Apr 29, 2026
Feb 15, 2013
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.
CVE-2012-4694
1Moxa
2Edr G903
Edr G903 Firmware
Apr 29, 2026
Feb 15, 2013
N/A· v4
N/A· v3
7.6 HIGH· v2
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-se...Show more
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.Show less