A vulnerability has been found in libssh’s server-side state machine in versions 0.7.6 and 0.8.4 and prior. This vulnerability (CVE-2018-10933) is due to improper authentication operation and it allows a remote attacker to bypass authentication on the target system.
After checking our products for this vulnerability, we have concluded that none of our products have been affected by this vulnerability.
Moxa's Cyber Security Response Team (CSRT) is fully engaged in this matter and we are taking appropriate action. If there are any updates to the status of the vulnerabilities or how these affect Moxa's products, we will provide an update immediately.