As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

CVE-2020-11868: NTP Vulnerability in Ethernet Switches

This security advisory addresses a vulnerability identified in Ethernet switches.

CVE-2020-11868

The Network Time Protocol daemon (ntpd) in the Network Time Protocol (NTP) before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. (Source: cve.org)

Since this issue is considered a high severity, users should immediately apply the solutions to mitigate associated security risks.

 

The Identified Vulnerability Type and Potential Impact 

CVE ID Vulnerability Type Impact
CVE-2020-11868

CWE-346: Origin Validation Error

An off-path attacker may block unauthenticated synchronization via a server mode packet with a spoofed source IP address

Vulnerability Scoring Details 

CVE ID
Base Score
Vector
Severity

Unauthenticated

Remote Exploits

CVE-2020-11868

CVSS 3.1: 7.5

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

High Yes
AFFECTED PRODUCTS AND SOLUTIONS

Solutions

Moxa has developed appropriate solutions to address the vulnerability. The solutions for the affected products are listed in the following table: 

Product Series Affected Versions Solutions

PT Series

  • PT-508 Series
  • PT-510 Series
  • PT-7528 Series
  • PT-7728 Series
  • PT-7828 Series
  • PT-G503 Series
  • PT-G510 Series

Firmware

  • v3.8 and earlier
  • v3.8 and earlier
  • v5.0 and earlier
  • v3.9 and earlier
  • v4.0 and earlier
  • v5.3 and earlier
  • v6.5 and earlier

Please contact Moxa Technical Support for the security patch

  • v3.8.12
  • v3.8.12
  • v5.0.34
  • v3.9.6
  • v4.0.8
  • v5.3.12
  • v6.5.22

PT Series

  • PT-G7728 Series
  • PT-G7828 Series

Firmware

  • v6.5 and earlier
  • v6.5 and earlier

Firmware

EDS-400 Series

  • EDS-405A Series
  • EDS-408A Series

Firmware

  • v3.16 and earlier
  • v3.15 and earlier

Firmware

EDS-500 Series

  • EDS-505A Series
  • EDS-508A Series
  • EDS-510A Series
  • EDS-516A Series
  • EDS-518A Series
  • EDS-G509 Series
  • EDS-P510A Series

Firmware

  • v3.12 and earlier
  • v3.12 and earlier
  • v3.13 and earlier
  • v3.13 and earlier
  • v3.13 and earlier
  • v3.11 and earlier
  • v3.13 and earlier

Firmware

EDS-600 Series

  • EDS-608 Series
  • EDS-611 Series
  • EDS-616 Series
  • EDS-619 Series

Firmware

  • v3.13 and earlier
  • v3.13 and earlier
  • v3.13 and earlier
  • v3.13 and earlier

Firmware

EDS-500E Series

  • EDS-510E Series
  • EDS-518E Series
  • EDS-528E Series
  • EDS-G508E Series
  • EDS-G512E Series
  • EDS-G516E Series
  • EDS-P506E Series
All firmware versions

Supports NTP authentication to mitigate the risk.

Please refer to Mitigations for more information.

ICS Series

  • ICS-G7526A Series
  • ICS-G7528A Series
  • ICS-G7748A Series
  • ICS-G7750A Series
  • ICS-G7752A Series
  • ICS-G7826A Series
  • ICS-G7828A Series
  • ICS-G7848A Series
  • ICS-G7850A Series
  • ICS-G7852A Series
All firmware versions

Supports NTP authentication to mitigate the risk.

Please refer to Mitigations for more information.

IKS Series

  • IKS-6726A Series
  • IKS-6728A Series
  • IKS-G6524A Series
  • IKS-G6824A Series
All firmware versions

Supports NTP authentication to mitigate the risk.

Please refer to Mitigations for more information.

SDS Series

  • SDS-3006 Series
  • SDS-3008 Series
  • SDS-3010 Series
  • SDS-3016 Series
  • SDS-G3006 Series
  • SDS-G3008 Series
  • SDS-G3010 Series
  • SDS-G3016 Series
All firmware versions

Supports NTP authentication to mitigate the risk.

Please refer to Mitigations for more information.

 

Mitigations

For users who may not be able to perform a firmware update, we provide the following recommended mitigation measures as an alternative to mitigate the risk associated with the vulnerability.

  • For products supports NTP authentication, enable NTP authentication and configure the device to synchronize only with trusted authenticated NTP servers. Using NTP authentication can help prevent spoofed NTP packets from interfering with time synchronization. Refer to NTP.org : https://www.ntp.org/support/securitynotice/ntpbug3592/
  • Refer to the General Security Recommendations section to further strengthen your security context.

 

General Security Recommendations

To safeguard devices and networks, we recommend implementing the following recommendations to mitigate potential risks:

  1. Restrict Network Access
    • Use firewalls or access control lists (ACLs) to limit communication to trusted IP addresses and networks.
    • Segregate operational networks from other networks (e.g., enterprise networks) using VLANs or physical separation.
  2. Minimize Exposure
    • Avoid exposing devices directly to the Internet.
    • Disable unused network services and ports to reduce the attack surface.
  3. Enhance Device Authentication and Access Control
    • Implement multi-factor authentication (MFA) for accessing critical systems.
    • Use role-based access control (RBAC) to enforce the principle of least privilege.
  4. Regularly Update Firmware and Software
    • Keep devices updated with the latest firmware versions and security patches.
    • Establish a regular patch management schedule to address newly identified vulnerabilities.
  5. Secure Remote Access
    • Use encrypted communication protocols (e.g., VPN, SSH) for remote access.
    • Restrict remote access to authorized personnel only and enforce strong authentication mechanisms.
  6. Implement Anomaly Detection Techniques
    • Monitor network traffic and device behavior for unusual or unauthorized activities.
    • Use tools or techniques that can identify anomalies and provide alerts for potential threats.
  7. Implement Logging and Monitoring
    • Enable event logging and maintain audit trails on devices.
    • Regularly review logs for anomalies and unauthorized access attempts.
  8. Conduct Regular Security Assessments
    • Perform vulnerability assessments to identify potential risks.
    • Regularly review device configurations to ensure compliance with security policies.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First release April 20, 2026
1.1 Add Solutions and Mitigations for EDS, ICS, IKS, SDS Series July 13, 2026

Relevant Products

EDS-405A Series · EDS-408A Series · EDS-505A Series · EDS-508A Series · EDS-510A Series · EDS-510E Series · EDS-516A Series · EDS-518A Series · EDS-518E Series · EDS-528E Series · EDS-608 Series · EDS-611 Series · EDS-616 Series · EDS-619 Series · EDS-G508E Series · EDS-G509 Series · EDS-G512E Series · EDS-G516E Series · EDS-P506E Series · EDS-P510A Series · ICS-G7526A Series · ICS-G7528A Series · ICS-G7748A Series · ICS-G7750A Series · ICS-G7752A Series · ICS-G7826A Series · ICS-G7828A Series · ICS-G7848A Series · ICS-G7850A Series · ICS-G7852A Series · PT-508 Series · PT-510 Series · PT-7528 Series · PT-7728 Series · PT-7828 Series · PT-G503 Series · PT-G510 Series · PT-G7728 Series · PT-G7828 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
You have some items waiting in your bag; click here to finish your quote!
Feedback