Unrated severity · NVD Advisory · Published May 14, 2018 · Updated Sep 17, 2024

CVE-2017-14439

Description

Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial-of-service vulnerability in Moxa EDR-810 V4.1 build 17030317 allows remote attackers to crash the Service Agent by sending a large packet to TCP port 4001.

Vulnerability

The Moxa EDR-810 Service Agent, running on firmware version V4.1 build 17030317, contains an improper input validation vulnerability (CWE-20) in its handling of network traffic on TCP port 4001. Sending a large packet to this port can cause the Service Agent to crash [1]. The Service Agent listens on TCP/UDP ports 4000 and 4001, and is used by the Moxa MXconfig Windows utility for device management [1].

Exploitation

An attacker with network access to the affected device can exploit this vulnerability by sending a large packet (e.g., 5000 null bytes) to TCP port 4001. The crash does not always occur on the first attempt, so an attacker may need to repeat the attack multiple times to induce a denial of service [1]. No authentication or user interaction is required, and the attack can be launched remotely over the network [1].

Impact

Successful exploitation results in a crash of the Service Agent process, leading to a denial of service. The device becomes unresponsive for its management functions while the crash persists [1]. The confidentiality and integrity of the device are not affected, but availability is compromised (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base score 7.5) [1].

Mitigation

Moxa released a patched firmware version to address this vulnerability. The vendor published the new firmware on their website on April 12, 2018 [1]. Users should update their Moxa EDR-810 devices to the latest firmware version. No workarounds are documented in the available references [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Moxa/EDR-810 (llm-fuzzy)
    Range: = V4.1 build 17030317
  • Talos/Moxa (v5)
    Range: Moxa EDR-810 V4.1 build 17030317

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing input size validation in the Service Agent allows oversized packets to overflow internal buffers, causing a crash."

Attack vector

An unauthenticated attacker on the network sends a large packet (e.g., 5000 null bytes) to TCP port 4001 (or port 4000) of the Moxa EDR-810 Service Agent [1]. The Service Agent listens on these ports and fails to validate the size of incoming data, leading to a denial-of-service crash. The crash on port 4001 may require multiple attempts [1]. This is a classic improper input validation flaw (CWE-20).
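A defender-side check for the traffic pattern described above, as an added example that is not from the advisory or from Moxa: it flags oversized client payloads to the Service Agent ports in flow records and counts repeats, since the crash on 4001 may take several sends. The record layout, the 1024-byte threshold, the 60-second window, the management-host allowlist and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

SERVICE_AGENT_PORTS = {4000, 4001}   # ports named in the advisory
MAX_EXPECTED_BYTES = 1024            # assumption: tune to your MXconfig baseline
REPEAT_WINDOW_S = 60                 # assumption: window for repeated attempts
MGMT_HOSTS = {"10.0.5.10"}           # assumption: hosts allowed to run MXconfig

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, client_bytes)
SAMPLE_FLOWS = [
    (1000, "10.0.5.10", "10.0.9.2", 4000, 212),
    (1010, "10.0.7.44", "10.0.9.2", 4001, 5000),
    (1015, "10.0.7.44", "10.0.9.2", 4001, 5000),
    (1021, "10.0.7.44", "10.0.9.2", 4001, 5000),
    (1030, "10.0.5.10", "10.0.9.2", 443, 90000),   # other port: ignored
    (1200, "10.0.8.3", "10.0.9.2", 4001, 180),     # small, but unexpected source
]

def find_suspicious(flows):
    """Return one alert per (src, dst, port) with oversized Service Agent flows."""
    hits = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        if port in SERVICE_AGENT_PORTS and nbytes > MAX_EXPECTED_BYTES:
            hits[(src, dst, port)].append(ts)
    alerts = []
    for (src, dst, port), times in sorted(hits.items()):
        times.sort()
        # Largest number of oversized flows inside any REPEAT_WINDOW_S span.
        burst, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > REPEAT_WINDOW_S:
                start += 1
            burst = max(burst, end - start + 1)
        known = src in MGMT_HOSTS
        alerts.append({
            "src": src, "dst": dst, "port": port,
            "oversized_flows": len(times), "max_burst": burst,
            "from_mgmt_host": known,
            # Repeated sends or an unknown source raise the severity.
            "severity": "high" if burst > 1 or not known else "medium",
        })
    return alerts

def unexpected_sources(flows):
    """Sources reaching the Service Agent ports that are not management hosts."""
    return sorted({src for _, src, _, port, _ in flows
                   if port in SERVICE_AGENT_PORTS and src not in MGMT_HOSTS})

if __name__ == "__main__":
    print(find_suspicious(SAMPLE_FLOWS), unexpected_sources(SAMPLE_FLOWS))
```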

Affected code

The vulnerability resides in the Service Agent component of Moxa EDR-810 firmware V4.1 build 17030317, which listens on TCP ports 4000 and 4001 [1]. The advisory does not specify exact function or file names, but the defect is in the code path that handles incoming data on these ports without proper size validation.

What the fix does

The advisory does not include a patch diff, but the vendor released updated firmware on April 12, 2018 to address the issue [1]. The fix likely adds bounds checking on the size of data received on ports 4000 and 4001 before processing, preventing oversized packets from corrupting memory or causing a crash. No further technical details of the remediation are provided in the reference.

Preconditions

  • Network: Attacker must have network access to the Moxa EDR-810 device on TCP port 4001 (or 4000).
  • Auth: No authentication required; the Service Agent accepts connections from any source.

Reproduction

Send a large packet (e.g., 5000 null bytes) to TCP port 4001 of the target Moxa EDR-810 device. The Python PoC in the advisory demonstrates the attack: create a socket, connect to the host on port 4000 (or 4001), send 5000 null bytes, and close the connection [1]. For port 4001, the crash may not occur on the first attempt and may require multiple sends [1].

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1