Product support

Security Advisories

SUMMARY

EDR-810 Series Secure Routers Vulnerabilities

  • Version: V1.0
  • Release Date: Sep 30, 2019
  • Reference:
    • CVE-2019-10969, CVE-2019-10963

Two product vulnerabilities were identified in Moxa’s EDR-810 Series secure routers. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shownbelow:

Item Vulnerability Type Impact
1 Improper Input Validation
(CWE-20, CVE-2019-10969)
Improper input on the web console via the Admin or ConfigAdmin account allows unauthorized commands to be performed on the router.
2 Improper Access Control
(CWE-284, CVE-2019-10963)
The log information may be retrieved by an unauthenticated attacker, which may allow sensitive information to be disclosed.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected product and firmware versions are shown below:

Product Series Affected Versions
EDR-810 Series Firmware Version 5.1 or lower

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
EDR-810 Series Please download the new firmware/software here.

 

Acknowledgment:

We would like to express our appreciation to Guillaume Lopes of Randorisec for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Sep 30, 2019

Relevant Products

EDR-810 Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag