Vulnerabilities > CVE-2024-0387 - Unspecified vulnerability in Moxa products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

moxa

NVD

Published: 2024-02-26

Updated: 2025-02-25

Summary

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests.

Vulnerable Configurations

Part	Description	Count
OS	Moxa Moxa EDS 4008 Firmware * Moxa EDS 4009 Firmware * Moxa EDS 4012 Firmware * Moxa EDS 4014 Firmware * Moxa EDS G4008 Firmware * Moxa EDS G4012 Firmware * Moxa EDS G4014 Firmware *	7
Hardware	Moxa Moxa EDS 4008 - Moxa EDS 4009 - Moxa EDS 4012 - Moxa EDS 4014 - Moxa EDS G4008 - Moxa EDS G4012 - Moxa EDS G4014 -	7

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0