As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

Security Enhancements for PT-7528/7728/7828 Series – SNMP, Telnet, and SSL Certificate

To enhance the security of the product, users of PT-7528/7728/7828 Series should implement the mitigations described in User Manuel v9.9 to avoid the following security issues: 

SNMP 
 
  • SNMP Agent Default Community Name (public) 
  • SNMP ‘GETBULK’ Reflection DDoS 
Telnet 
 
  • Unencrypted Telnet Server 
SSL Certificate 
 
  • SSL Certificate Cannot Be Trusted 
  • SSL Certificate Chain Contains RSA Keys Less Than 2048 Bits 
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are listed below. 

Product Series Affected Versions
PT-7528 Series  Firmware version 5.0 and earlier versions 
PT-7728 Series  Firmware version 3.9 and earlier versions 
PT-7828 Series  Firmware version 4.0 and earlier versions 

 

Solutions:

Moxa has developed appropriate solutions to strengthen the security of the product. The solutions for the affected products are listed below. 

Product Series Solutions
PT-7528 Series  Refer to the Mitigations 
PT-7728 Series  Refer to the Mitigations 
PT-7828 Series  Refer to the Mitigations 

 

Mitigation:

Users of PT-7528/7728/7828 Series are advised to implement the following mitigations: 

  • SNMP 
    On page 35 of User Manuel v9.9, the NOTE states:  
    Community names default is "Public". To prevent DDoS attack, it should be changed instead of keeping the default name. 

  • Telnet 
    On page 76 of User Manuel v9.9, the NOTE in Management Interface states:  
    3. To avoid hackers from snooping confidential information, users should adopt encryption-based communication protocols, such as HTTPS instead of HTTP, SSH instead of Telnet, and SNMPv3 instead of SNMPv1/v2c.  

  • SSL Certificate 
    On page 79 of User Manuel v9.9, the SSL Certificate Management function enables users to import their own SSL certificates. 

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release January 9, 2025

Relevant Products

PT-7528 Series · PT-7728 Series · PT-7828 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
You have some items waiting in your bag; click here to finish your quote!
Feedback