Product support

Security Advisories

SUMMARY

EDS-405A Series Ethernet Switches Vulnerabilities

  • Version: V1.0
  • Release Date: Nov 07, 2019
  • Reference:
    • CNVD-2019-116145, CNVD-2019-122728
Multiple product vulnerabilities were identified in Moxa’s EDS-405A Series Ethernet Switches. In response to this, Moxa has developed related solutions to address these vulnerabilities.
 
The identified vulnerability types and potential impacts are shown below:
Item Vulnerability Type Impact
1 Denial of Service (web service) by improper HTTP GET command To exploit this vulnerability, the attacker may cause the targeted device to go out of service. This can cause authorized users to be unable to access the device. The vulnerability occurs because the packet payload size was not checked.
2 Denial of Service (web service) by excessive length of HTTP GET command To exploit this vulnerability, the attacker may cause the targeted device to go out of service. This can cause authorized users to be unable to access the device. The vulnerability occurs because the packet payload size was not checked.
AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
EDS-405A Series Firmware Version 3.8 or lower

 

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

Product Series Solutions
EDS-405A Series Please contact Moxa Technical Support for the security patch.

 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Nov 07, 2019

Relevant Products

EDS-405A Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag