
Technical FAQs
Question: Moxa EDR-810 Industrial Secure Router Security Vulnerabilities
Question Type: Security Advisory
Updated: 5/22/2018 9:07:07 AM
Products: EDR-810 Series

Summary

On November 16th 2017, Moxa was contacted by Cisco's Talos Security Intelligence and Research Group (Cisco Talos) regarding security vulnerabilities in Moxa's EDR-810 Series Industrial Secure Routers.

The reports can be seen here:
https://talosintelligence.com/vulnerability_reports#disclosed (TALOS-2017-0472 through 0482 and TALOS-2017-0487)
https://blog.talosintelligence.com/2018/04/vuln-moxa-edr-810.html

The reported vulnerabilities for this product are as follows:

| Item | Description | Potential Impact |
|---|---|---|
| 1 | Web Server Ping Command Injection (TALOS-2017-0472) | A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability. |
| 2 | Web RSA Key Generation Command Injection (TALOS-2017-0473) | A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability. |
| 3 | Web Server strcmp Multiple Denial of Service (TALOS-2017-0474) | A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a specified request to trigger this vulnerability. |
| 4 | Clear Text Transmission of Password (TALOS-2017-0475) | An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to log in as admin. |
| 5 | Web Server URI Denial of Service (TALOS-2017-0476) | An attacker can send a crafted URI to trigger this vulnerability. |
| 6 | Web Server Certificate Signing Request Command Injection (TALOS-2017-0477) | A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability. |
| 7 | Web Server Cross-Site Request Forgery (TALOS-2017-0478) | A specially crafted HTTP packet can cause a cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. |
| 8 | Plaintext Password Storage (TALOS-2017-0479) | An attacker with shell access could extract passwords in clear text from the device. |
| 9 | Server Agent Information Disclosure (TALOS-2017-0480) | A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. |
| 10 | Web Server Weak Cryptography for Passwords (TALOS-2017-0481) | An attacker could intercept weakly encrypted passwords and could use brute force to break them. |
| 11 | Web Server OpenVPN Config Multiple Command Injection (TALOS-2017-0482) | A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands to trigger this vulnerability. |
| 12 | Service Agent Multiple Denial of Service (TALOS-2017-0487) | A specially crafted packet can cause a denial of service. |

Affected Products and Solutions

Affected products

  • EDR-810 Series running Firmware v3.13 Build 16051215 or earlier firmware versions

Solutions:

| Item | Description | Solution |
|---|---|---|
| 1 | Web Server Ping Command Injection (TALOS-2017-0472) | Upgrade to Firmware v4.2 |
| 2 | Web RSA Key Generation Command Injection (TALOS-2017-0473) | Upgrade to Firmware v4.2 |
| 3 | Web Server strcmp Multiple Denial of Service (TALOS-2017-0474) | Upgrade to Firmware v4.2 |
| 4 | Clear Text Transmission of Password (TALOS-2017-0475) | Users can go to the "User Interface Management" page to disable the HTTP connection and use HTTPS to access the web console. |
| 5 | Web Server URI Denial of Service (TALOS-2017-0476) | Upgrade to Firmware v4.2 |
| 6 | Web Server Certificate Signing Request Command Injection (TALOS-2017-0477) | Upgrade to Firmware v4.2 |
| 7 | Web Server Cross-Site Request Forgery (TALOS-2017-0478) | Upgrade to Firmware v4.2 |
| 8 | Plaintext Password Storage (TALOS-2017-0479) | Upgrade to Firmware v4.2 |
| 9 | Server Agent Information Disclosure (TALOS-2017-0480) | To address this issue, users can disable the Moxa Command function in the web console. |
| 10 | Web Server Weak Cryptography for Passwords (TALOS-2017-0481) | Upgrade to Firmware v4.2 |
| 11 | Web Server OpenVPN Config Multiple Command Injection (TALOS-2017-0482) | Upgrade to Firmware v4.2 |
| 12 | Service Agent Multiple Denial of Service (TALOS-2017-0487) | Upgrade to Firmware v4.2 |

Firmware v4.2 for the EDR-810 Series can be downloaded from the link below:
EDR-810 Series: https://www.moxa.com/support/download.aspx?type=support&id=15851
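
The triage below is an added example, not code from Moxa or Cisco Talos: it applies the Solutions table to a device inventory and lists which items are still open per device. The record fields (`firmware`, `http_enabled`, `moxa_command_enabled`), the sample inventory, and the treatment of every release older than v4.2 as needing the upgrade are assumptions.

```python
import re

FIXED = (4, 2)  # release the advisory names as the fix
# TALOS-2017-xxxx items whose listed solution is the firmware upgrade
UPGRADE_ITEMS = ("0472", "0473", "0474", "0476", "0477",
                 "0478", "0479", "0481", "0482", "0487")

def parse_version(text):
    """Return (major, minor) from a string such as 'v3.13 Build 16051215'."""
    m = re.search(r"v?(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    # Integer tuples, so v3.13 sorts after v3.2 (a float or string compare would not).
    return int(m.group(1)), int(m.group(2))

def open_items(device):
    """List the advisory items still open for one device record."""
    findings = []
    # Assumption: any release older than v4.2 still needs the upgrade.
    if parse_version(device["firmware"]) < FIXED:
        findings += [f"TALOS-2017-{n}: upgrade to Firmware v4.2"
                     for n in UPGRADE_ITEMS]
    # Items 4 and 9 list a setting change as the solution, so they are
    # checked against configuration regardless of firmware release.
    if device["http_enabled"]:
        findings.append("TALOS-2017-0475: disable HTTP, use HTTPS for the web console")
    if device["moxa_command_enabled"]:
        findings.append("TALOS-2017-0480: disable the Moxa Command function")
    return findings

# Constructed sample inventory; names and field names are hypothetical.
INVENTORY = [
    {"name": "edr-a", "firmware": "v3.13 Build 16051215",
     "http_enabled": True, "moxa_command_enabled": True},
    {"name": "edr-b", "firmware": "v4.2",
     "http_enabled": True, "moxa_command_enabled": False},
    {"name": "edr-c", "firmware": "v4.2",
     "http_enabled": False, "moxa_command_enabled": False},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        items = open_items(dev)
        print(f"{dev['name']} ({dev['firmware']}): {len(items)} open item(s)")
        for item in items:
            print("  " + item)
```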

Revision History:

| Version | Description | Release Date |
|---|---|---|
| 1.0 | First release | April 17, 2018 |
