
SUMMARY

CVE-2002-20001: Resource Exhaustion Vulnerability in Diffie-Hellman Key Exchange Protocol

  • Security Advisory ID: MPSA-258261
  • Version: V1.1
  • Release Date: Jun 02, 2025
  • Reference: CVE-2002-20001 (MITRE)

A resource exhaustion vulnerability, CVE-2002-20001, exists in the implementation of the Diffie-Hellman key exchange protocol.  

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are not actually public keys and thereby trigger expensive server-side DHE modular-exponentiation calculations; this is also known as a D(HE)at or D(HE)ater attack. The client needs very little CPU time and network bandwidth, while the server performs a full modular exponentiation for every such request. The attack may be more disruptive where a client can require the server to select its largest supported key size. The basic attack scenario requires the client to claim DHE-only communication capabilities, and the server must be configured to permit DHE.
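The cost asymmetry described above is easy to misjudge: validating the client's value is cheap and worthwhile, but it does not remove the server's own exponentiation, so the only inexpensive defence is to refuse DHE work before that exponentiation runs (by disabling DHE or budgeting it per peer). The following Python block is an added example, not code from this advisory or from Moxa's firmware; the 127-bit Mersenne prime is a constructed stand-in for a real 2048-bit group, and the per-peer handshake budget is a hypothetical policy used only to make the point measurable.

```python
"""Added example (not Moxa's code): a toy DHE responder showing why the
D(HE)at cost asymmetry survives public-value validation, and why the cheap
defence is to refuse DHE work before the modular exponentiation happens.

Constructed for illustration: the 127-bit Mersenne prime stands in for a
real 2048-bit group, and the per-peer handshake budget is a hypothetical
mitigation policy, not a feature of any product named in the advisory.
"""
import secrets
from collections import Counter, defaultdict

P = (1 << 127) - 1   # constructed toy modulus: 2^127 - 1 (a Mersenne prime)
G = 2                # constructed toy base


def public_value_is_valid(y, p=P):
    """Cheap range check: 0, 1 and p-1 can never be legitimate DH public values.
    It rejects garbage but does NOT remove the server's own exponentiation cost."""
    return 1 < y < p - 1


class DheServer:
    """Server half of an ephemeral DH exchange with a per-peer handshake budget
    (hypothetical mitigation) and a counter of expensive operations performed."""

    def __init__(self, max_handshakes_per_peer=5, p=P, g=G):
        self.max_per_peer = max_handshakes_per_peer
        self.p, self.g = p, g
        self.handshakes_by_peer = defaultdict(int)
        self.modexps_done = 0

    def respond(self, peer, client_value):
        """Return (status, server_public_value, shared_secret).

        Refusals happen before any exponentiation. An accepted request costs the
        server two modular exponentiations (its own key share, then the shared
        secret); the second is just as expensive when client_value is a tiny
        constant such as 2, because the exponent length drives the cost.
        """
        if self.handshakes_by_peer[peer] >= self.max_per_peer:
            return "rate_limited", None, None
        if not public_value_is_valid(client_value, self.p):
            return "invalid_public_value", None, None
        self.handshakes_by_peer[peer] += 1

        b = secrets.randbelow(self.p - 2) + 1          # server private exponent in [1, p-2]
        server_value = pow(self.g, b, self.p)          # expensive: server's own key share
        shared_secret = pow(client_value, b, self.p)   # expensive regardless of client_value
        self.modexps_done += 2
        return "ok", server_value, shared_secret


def honest_client_handshake(server, peer):
    """A legitimate client pays its own exponentiations; both sides must agree."""
    a = secrets.randbelow(server.p - 2) + 1
    status, server_value, server_secret = server.respond(peer, pow(server.g, a, server.p))
    if status != "ok":
        return status, False
    return status, pow(server_value, a, server.p) == server_secret


def serve_requests(server, requests):
    """Feed (peer, client_value) pairs to the server and return a count per status.
    A peer that keeps sending an in-range constant pays nothing per request, so
    only the budget bounds how much the server is made to compute."""
    return dict(Counter(server.respond(peer, value)[0] for peer, value in requests))


if __name__ == "__main__":
    srv = DheServer(max_handshakes_per_peer=3)
    print(honest_client_handshake(srv, "peer-1"))
    print(serve_requests(srv, [("peer-2", 2)] * 10), "modexps:", srv.modexps_done)
```

The counter `modexps_done` is the quantity to watch: with the budget in place it grows only up to the allowed number of handshakes per peer, and invalid values are rejected without touching it at all.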

This vulnerability affects any product or service that accepts DHE cipher suites. To mitigate the risk, Moxa has released solutions for the affected products. We recommend applying the appropriate solutions immediately. 

The Identified Vulnerability Type and Potential Impact 

  • CVE ID: CVE-2002-20001
  • Vulnerability Type: CWE-400: Uncontrolled Resource Consumption
  • Impact: An attacker can force the server to perform high-cost modular exponentiation operations. This leads to significant CPU usage on the server side, potentially degrading service availability or resulting in a complete denial of service.

Vulnerability Scoring Details 

  • CVE ID: CVE-2002-20001
  • Base Score (CVSS v3.1): 7.5
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Severity: High
  • Unauthenticated Remote Exploits: Yes
AFFECTED PRODUCTS AND SOLUTIONS

Solutions

Moxa has developed appropriate solutions to address this vulnerability. The solutions for the affected products are listed in the following table: 

EDS-400 Series (Solution: firmware update)

  • EDS-405A Series: firmware v3.14 and earlier
  • EDS-408A Series: firmware v3.14 and earlier

EDS-500 Series (Solution: firmware update)

  • EDS-505A Series: firmware v3.11 and earlier
  • EDS-508A Series: firmware v3.11 and earlier
  • EDS-510A Series: firmware v3.12 and earlier
  • EDS-516A Series: firmware v3.11 and earlier
  • EDS-518A Series: firmware v3.11 and earlier
  • EDS-G509 Series: firmware v3.10 and earlier
  • EDS-P510A Series: firmware v3.11 and earlier

EDS-600 Series (Solution: firmware update)

  • EDS-608 Series: firmware v3.12 and earlier
  • EDS-611 Series: firmware v3.12 and earlier
  • EDS-616 Series: firmware v3.12 and earlier
  • EDS-619 Series: firmware v3.12 and earlier

EDS-500E Series (Solution: firmware update)

  • EDS-510E Series: firmware v5.6 and earlier
  • EDS-518E Series: firmware v6.4 and earlier
  • EDS-528E Series: firmware v6.4 and earlier
  • EDS-G508E Series: firmware v6.5 and earlier
  • EDS-G512E Series: firmware v6.5 and earlier
  • EDS-G516E Series: firmware v6.5 and earlier
  • EDS-P506E Series: firmware v5.9 and earlier

ICS Series (Solution: firmware update)

  • ICS-G7526A Series: firmware v5.11 and earlier
  • ICS-G7528A Series: firmware v5.11 and earlier
  • ICS-G7748A Series: firmware v5.10 and earlier
  • ICS-G7750A Series: firmware v5.10 and earlier
  • ICS-G7752A Series: firmware v5.10 and earlier
  • ICS-G7826A Series: firmware v5.11 and earlier
  • ICS-G7828A Series: firmware v5.11 and earlier
  • ICS-G7848A Series: firmware v5.10 and earlier
  • ICS-G7850A Series: firmware v5.10 and earlier
  • ICS-G7852A Series: firmware v5.10 and earlier

IKS Series (Solution: firmware update)

  • IKS-6726A Series: firmware v5.10 and earlier
  • IKS-6728A Series: firmware v5.10 and earlier
  • IKS-G6524A Series: firmware v5.11 and earlier
  • IKS-G6824A Series: firmware v5.11 and earlier

MDS Series (Solution: firmware update; all models below: firmware v4.0 and earlier)

  • MDS-G4012 Series
  • MDS-G4012-4XGS Series
  • MDS-G4012-L3 Series
  • MDS-G4012-L3-4XGS Series
  • MDS-G4020 Series
  • MDS-G4020-4XGS Series
  • MDS-G4020-L3 Series
  • MDS-G4020-L3-4XGS Series
  • MDS-G4028 Series
  • MDS-G4028-4XGS Series
  • MDS-G4028-L3 Series
  • MDS-G4028-L3-4XGS Series

RKS Series (Solution: firmware update; both models below: firmware v4.0 and earlier)

  • RKS-G4028 Series
  • RKS-G4028-L3 Series


Mitigations

To mitigate the risks associated with this vulnerability, we recommend the following actions:

  • Refer to the General Security Recommendations section to further strengthen your security posture.


General Security Recommendations

To safeguard devices and networks, we recommend implementing the following recommendations to mitigate potential risks:

  1. Restrict Network Access
    • Use firewalls or access control lists (ACLs) to limit communication to trusted IP addresses and networks.
    • Segregate operational networks from other networks (e.g., enterprise networks) using VLANs or physical separation.
  2. Minimize Exposure
    • Avoid exposing devices directly to the Internet.
    • Disable unused network services and ports to reduce the attack surface.
  3. Enhance Device Authentication and Access Control
    • Implement multi-factor authentication (MFA) for accessing critical systems.
    • Use role-based access control (RBAC) to enforce the principle of least privilege.
  4. Regularly Update Firmware and Software
    • Keep devices updated with the latest firmware versions and security patches.
    • Establish a regular patch management schedule to address newly identified vulnerabilities.
  5. Secure Remote Access
    • Use encrypted communication protocols (e.g., VPN, SSH) for remote access.
    • Restrict remote access to authorized personnel only and enforce strong authentication mechanisms.
  6. Implement Anomaly Detection Techniques
    • Monitor network traffic and device behavior for unusual or unauthorized activities.
    • Use tools or techniques that can identify anomalies and provide alerts for potential threats.
  7. Implement Logging and Monitoring
    • Enable event logging and maintain audit trails on devices.
    • Regularly review logs for anomalies and unauthorized access attempts.
  8. Conduct Regular Security Assessments
    • Perform vulnerability assessments to identify potential risks.
    • Regularly review device configurations to ensure compliance with security policies.

 

Revision History:

  • Version 1.0 (June 2, 2025): First release
  • Version 1.1 (November 3, 2025): Add Solutions for EDS, ICS, IKS, MDS, RKS Series
