As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories


EDR-810 Series Secure Router Vulnerabilities

  • Security Advisory ID: MPSA-210302
  • Version: V1.0
  • Release Date: Mar 23, 2021
  • Reference:
    • CVE-2014-2284, CVE-2015-1788, CVE-2016-10012, CVE-2015-3195, CVE-2016-6515, CVE-2017-17562, CVE-2013-0169, CVE-2016-0703, CVE-2013-1813, CVE-2010-2156
    • BDU:2015-07052, BDU:2015-11035, BDU:2017-00350, BDU:2016-01654, BDU:2018-00117, BDU:2018-00118, BDU:2015-09702, BDU:2016-00629, BDU:2015-09676, BDU:2018-00784

Multiple product vulnerabilities were identified in Moxa’s EDR-810 industrial secure router. In response to this, Moxa has developed related solutions to address the vulnerability.

The identified vulnerability types and potential impacts are shown below:

Item Vulnerability Type Impact
1 Improper Input Validation
CVE-2014-2284, BDU:2015-07052
Crafted packets could potentially stop the SNMP operation of the EDR-810 series.
2 Resource Management Errors
CVE-2015-1788, BDU:2015-11035
Malformed binary polynomial field allows remote attackers to cause a denial of service.
3 Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10012, BDU:2017-00350
SSH connection might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process.
4 Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3195, BDU:2016-01654
Malformed data might allow remote attackers to obtain sensitive information from process memory by triggering a decoding failure.
5 Improper Input Validation
CVE-2016-6515, BDU:2018-00117
Crafted string for password authentication might allow remote attackers to cause a denial of service.
6 Improper Input Validation
CVE-2017-17562, BDU:2018-00118
Crafted HTTP request might allow remote code execution.
7 Cryptographic Issues
CVE-2013-0169, BDU:2015-09702
Out-of-date TLS protocol might allow remote attackers to conduct distinguishing attacks and plaintext-recovery attacks.
8 Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0703, BDU:2016-00629
Out-of-date SSL protocol might allow man-in-the-middle attackers to decrypt TLS ciphertext data.
9 Permissions, Privileges, and Access Controls
CVE-2013-1813, BDU:2015-09676
Improper operation of authorized users may cause local users to have unknown impact and attack vectors via console.
10 Numeric Errors
CVE-2010-2156, BDU:2018-00784
Crafted DHCP packets might allow remote attackers to cause a denial of service.

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
EDR-810 Series For item 1: Firmware Version 5.7 or lower versions
For item 2 to 10: Firmware Version 5.1 or lower versions



Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
EDR-810 Series For item 1: Please upgrade to firmware version 5.8 or higher versions. (Download Link)
For item 2 to 10, Please upgrade to firmware version 5.3 or higher versions. (Download Link)


We would like to express our appreciation to BDU FSTEC for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

Revision History:

1.0 First Release Mar 23, 2021

Relevant Products

EDR-810 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
You have some items waiting in your bag; click here to finish your quote!