Lucene search

[email protected]CVE-2023-4452

HistoryNov 01, 2023 - 3:15 p.m.

CVE-2023-4452

2023-11-0115:15:08

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-4452

edr-810

edr-g902

edr-g903

vulnerability

denial-of-service

input validation

uri

device reboot

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.9%

JSON

A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.

Affected configurations

NVD

Node

moxaedr-g903Match-

AND

moxaedr-g903_firmwareRange<5.7.21

Node

moxaedr-g903-tMatch-

AND

moxaedr-g903-t_firmwareRange<5.7.21

Node

moxaedr-g902Match-

AND

moxaedr-g902_firmwareRange<5.7.21

Node

moxaedr-g902-tMatch-

AND

moxaedr-g902-t_firmwareRange<5.7.21

Node

moxaedr-810-vpn-2gsfpMatch-

AND

moxaedr-810-vpn-2gsfp_firmwareRange<5.12.29

Node

moxaedr-810-vpn-2gsfp-tMatch-

AND

moxaedr-810-vpn-2gsfp-t_firmwareRange<5.12.29

Node

moxaedr-810-2gsfpMatch-

AND

moxaedr-810-2gsfp_firmwareRange<5.12.29

Node

moxaedr-810-2gsfp-tMatch-

AND

moxaedr-810-2gsfp-t_firmwareRange<5.12.29

CPENameOperatorVersion
moxa:edr-g903_firmwaremoxa edr-g903 firmwarelt5.7.21

CPE	Name	Operator	Version
moxa:edr-g903_firmware	moxa edr-g903 firmware	lt	5.7.21

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EDR-810 Series ",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "5.12.28",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EDR G902 Series ",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "5.7.20",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EDR G903 Series ",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "5.7.20",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-234880-edr-810-g902-g903-series-web-server-buffer-overflow-vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.9%

JSON

Related for CVE-2023-4452

nessus1 cvelist1 prion1 nvd1