Affected Products:
The affected products and firmware versions are shown below.
Product Series |
Affected Versions |
AWK-3131A Series |
Firmware Version 1.16 or lower. |
AWK-4131A Series |
Firmware Version 1.16 or lower. |
AWK-1131A Series |
Firmware Version 1.22 or lower. |
AWK-1137C Series |
Firmware Version 1.6 or lower. |
Solutions:
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
Product Series |
Solutions |
AWK-3131A Series
AWK-4131A Series
AWK-1131A Series
AWK-1137C Series |
For item 1: Users can disable the HTTP console and enable HTTPs by device configuration.
For items 2 to 5: Users can disable the Moxa Service console by configuring the device.
For item 6: Please upgrade to the latest firmware.
For item 7: We recommend users download firmware from Moxa.com or another trusted source. We also provide SHA-512 checksum for firmware integrity check. |
Acknowledgment:
We would like to express our appreciation to Jake Baines from Dragos for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers
Revision History:
VERSION |
DESCRIPTION |
RELEASE DATE |
1.0 |
First Release |
Dec 30, 2021 |