CVE-2019-9099

Vulnerability

A stack-based buffer overflow vulnerability (CWE-121) exists in the built-in web server of Moxa MGate MB3170 and MB3270 series firmware version 4.0 or lower, MB3280 and MB3480 series firmware version 3.0 or lower, MB3660 series firmware version 2.2 or lower, and MB3180 series firmware version 2.0 or lower [1][2]. The overflow occurs due to improper handling of data within the web server, enabling remote exploitation without authentication [1].

Exploitation

An attacker can exploit this vulnerability remotely over the network without any prior authentication or user interaction [1]. The attack complexity is low, requiring only a crafted request sent to the built-in web server to trigger the buffer overflow [1]. The CVSS vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) further confirms that no special privileges or user action are needed [1].

Impact

Successful exploitation can lead to a denial of service (DoS) condition, crashing the device [1][2]. The vulnerability is also assessed to potentially allow arbitrary code execution, giving the attacker the ability to fully compromise the gateway [1][2]. The initial CVSS impact focuses on availability, but the advisory notes the possibility of code execution [1].

Mitigation

Moxa has released firmware updates to address this vulnerability: version 4.1 for MB3170 and MB3270, version 3.1 for MB3280 and MB3480, version 2.3 for MB3660, and version 2.1 for MB3180 [1][2]. Users should update their devices to these patched versions. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].