VYPR
Unrated severity · NVD Advisory · Published Nov 1, 2023 · Updated Sep 6, 2024

Web Server Buffer Overflow Vulnerability

CVE-2023-4452

Description

A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series that exposes them to denial of service. It stems from insufficient input validation in the URI, potentially enabling malicious users to trigger a device reboot.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial-of-service vulnerability in Moxa EDR-810/G902/G903 Series routers due to insufficient URI input validation, allowing remote attackers to cause a device reboot.

Vulnerability

A buffer overflow vulnerability (CWE-120) exists in the web server of Moxa EDR-810, EDR-G902, and EDR-G903 Series routers. The insufficient input validation in the URI allows an attacker to trigger a denial-of-service condition by causing the device to reboot. Affected firmware versions are EDR-810 Series v5.12.28 and prior, and EDR-G902/G903 Series v5.7.20 and prior [1].

Exploitation

An attacker can exploit this vulnerability remotely without authentication, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The attacker sends a specially crafted HTTP request with a malicious URI to the target device's web server, triggering the buffer overflow and causing the device to reboot [1].

Impact

Successful exploitation results in a denial-of-service (DoS) condition as the device reboots. While no data confidentiality is compromised, the attacker achieves a low integrity impact (device reset) and low availability impact (temporary service disruption) [1].

Mitigation

Moxa has developed firmware updates to address this vulnerability; refer to the security advisory [1] for the specific fixed versions. As a workaround, minimize network exposure and ensure the device is not accessible from the Internet. If remote access is required, use secure methods such as VPNs [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Moxa/EDR-G902 (llm-create)
  • Moxa/Edr G903 (llm-fuzzy), 2 versions
    • (no CPE)
    • (no CPE), range: 1.0
  • Moxa/EDR-810 (llm-fuzzy)
  • Moxa/EDR-810 Series v5
    Range: 1.0
  • Moxa/EDR G902 Series v5
    Range: 1.0

Patches

0

No patches discovered yet.

References

1
