EDS-4000/G4000 Series IP Forwarding Vulnerability

Moxa Security Advisory

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have them forwarded to the target.

The identified vulnerability types and potential impacts are shown below:

| Item | Vulnerability Type | Impact |
|------|--------------------|--------|
| 1 | Unintended Proxy or Intermediary (‘Confused Deputy’) (CWE-441), CVE-2024-0387 | An attacker can bypass access controls or hide the source of malicious requests. |


Vulnerability Scoring Details

| ID | CVSS | Vector | Severity | Remote Exploit without Auth? |
|----|------|--------|----------|------------------------------|
| CVE-2024-0387 | 6.5 | AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L | Medium | No |
