CVE-2020-12117
Description
An unauthenticated information disclosure flaw in Moxa NPort 5150A firmware ≤1.5 leaks serial port configurations via a crafted UDP packet to port 4800.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2020-12117 is an unauthenticated information disclosure vulnerability in the Moxa Service running on Moxa NPort 5150A serial device servers. Affected firmware versions are 1.5 and earlier [1]. The Moxa Service listens on UDP port 4800 and is enabled by default on first-time installation, though it can be disabled without affecting normal device operation. An attacker can send a specially crafted UDP packet to this port to retrieve sensitive configuration values, including serial port settings [1].
Exploitation
An attacker does not need any prior authentication or network credentials. The only requirement is network access to UDP port 4800 on the target device. By sending a maliciously crafted UDP packet to that port, the Moxa Service responds with the device's serial port configuration data. The official description notes this is an unauthenticated service, meaning no user interaction or special privileges are required [1].
Impact
A successful exploit allows the attacker to obtain sensitive serial port configuration values of the device. This constitutes an information disclosure that could aid in further targeted attacks against the serial device server or the connected serial equipment. The impact is limited to confidentiality of configuration data; there is no indication of remote code execution, privilege escalation, or denial of service [1].
Mitigation
Moxa released firmware version 1.5 (and higher) that addresses the vulnerability. Users should upgrade to the latest firmware from the Moxa support site [1]. As a workaround, if upgrading is not immediately possible, users can disable the Moxa Service via the Console Setting, or if the service must remain enabled, restrict access using the Accessible IP List with whitelisted IP addresses and enable "Apply additional restrictions" [1]. The product is not listed on the CISA KEV catalog as of the publication date.
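A way to check that the Accessible IP List restriction described above is holding, as an added example that is not from Moxa or from this page: it scans flow records for UDP port 4800 traffic reaching NPort devices from sources outside the allowlist. The flow record format, the device inventory, the allowlist and all addresses are constructed assumptions.

```python
import ipaddress

MOXA_SERVICE_PORT = 4800  # UDP port of the Moxa Service, per the advisory text

# Assumption: hypothetical allowlist mirroring the device's Accessible IP List.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28"),
                   ipaddress.ip_network("10.20.5.17/32")]

# Assumption: hypothetical inventory of NPort management addresses.
NPORT_DEVICES = {ipaddress.ip_address("10.30.1.10"),
                 ipaddress.ip_address("10.30.1.11")}

# Constructed flow records: "timestamp proto src_ip src_port dst_ip dst_port bytes"
SAMPLE_FLOWS = """\
2020-06-01T08:00:01Z udp 10.20.0.5 51515 10.30.1.10 4800 24
2020-06-01T08:00:09Z udp 192.0.2.44 40112 10.30.1.10 4800 24
2020-06-01T08:01:30Z tcp 192.0.2.44 40113 10.30.1.10 4800 60
2020-06-01T08:02:02Z udp 10.20.5.17 53000 10.30.1.11 4800 24
2020-06-01T08:02:40Z udp 10.20.9.9 53001 10.30.1.11 4800 24
2020-06-01T08:03:00Z udp 192.0.2.44 40114 10.30.1.11 161 80
malformed line
"""

def is_allowed(src):
    """True if the source address falls inside any allowlisted network."""
    return any(src in net for net in ALLOWED_SOURCES)

def find_unexpected_moxa_traffic(flow_text):
    """Return (timestamp, src, dst) for UDP/4800 flows from non-allowlisted sources."""
    findings = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed records instead of failing the audit
        ts, proto, src, _sport, dst, dport, _size = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue
        if proto.lower() != "udp" or dport != MOXA_SERVICE_PORT:
            continue  # only the Moxa Service port over UDP is in scope
        if dst_ip in NPORT_DEVICES and not is_allowed(src_ip):
            findings.append((ts, str(src_ip), str(dst_ip)))
    return findings

if __name__ == "__main__":
    for ts, src, dst in find_unexpected_moxa_traffic(SAMPLE_FLOWS):
        print(f"{ts} unexpected UDP/{MOXA_SERVICE_PORT} from {src} to {dst}")
```

Any finding means a host outside the allowlist reached the service, so either the Accessible IP List is not applied on that device or the allowlist used for the audit is out of date.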
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Moxa/NPort 5150A firmware
- Range: <=1.5
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References