CVE-2020-28144
CRITICALMoxa EDR-G903/G902/810 Firmware - Remote Code Execution via Memory Buffer Overflow
Title source: llmDescription
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.moxa.com/en/support/support/security-advisory/edr-g903-g902-810-secure-router-vulnerability
Scores
CVSS v3
9.8
EPSS
0.0278
EPSS Percentile
86.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (8)
moxa/edr-810-2gsfp-t_firmware
< 5.6
moxa/edr-810-2gsfp_firmware
< 5.6
moxa/edr-810-vpn-2gsfp-t_firmware
< 5.6
moxa/edr-810-vpn-2gsfp_firmware
< 5.6
moxa/edr-g902-t_firmware
< 5.5
moxa/edr-g902_firmware
< 5.5
moxa/edr-g903-t_firmware
< 5.5
moxa/edr-g903_firmware
< 5.5
Published
Feb 03, 2021
Tracked Since
Feb 18, 2026