Moxa TN-4500A
- <v3.13
A host header injection vulnerability has been identified in Moxa's Ethernet switches, specifically in the TN-4500A Series, TN-5500A Series, TN-G4500 Series, and TN-G6500 Series, allowing attackers with administrative privileges to manipulate HTTP Host headers. By injecting a specially crafted Host header into HTTP requests directed at the device's web service, attackers can redirect users, forge links, or conduct phishing attacks. This vulnerability arises from the acceptance of extraneous untrusted data with trusted data, but it does not impact the confidentiality, integrity, or availability of the affected device or any subsequent systems.
Successful exploitation lets an attacker redirect users, forge links, or carry out phishing attacks.
Users can update to version 4.0 or later for the TN-4500A Series and TN-5500A Series. For the TN-G4500 Series and TN-G6500 Series, contact Moxa Technical Support for the security patch (v5.5.255).
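The flaw class described above, shown as an added example (not Moxa firmware code and not part of the original advisory): a handler that builds links from the client-supplied Host header, next to a version that allow-lists the header and builds links from fixed configuration. The host names, the origin and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; a real deployment lists its own names.
ALLOWED_HOSTS = {"switch.example.internal", "192.0.2.10"}
CANONICAL_ORIGIN = "https://switch.example.internal"


def validated_host(headers):
    """Return the request's hostname if it is well formed and allow-listed, else None.

    `headers` is a list of (name, value) pairs so duplicate headers stay visible.
    """
    values = [v for k, v in headers if k.lower() == "host"]
    if len(values) != 1:  # missing or duplicated Host header
        return None
    raw = values[0].strip()
    # Reject characters that have no place in host[:port] (userinfo, path, whitespace).
    if not raw or any(c in raw for c in " \t\r\n/\\@?#"):
        return None
    try:
        parts = urlsplit("//" + raw)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    host = (parts.hostname or "").rstrip(".")
    return host if host in ALLOWED_HOSTS else None


def vulnerable_link(headers, path):
    """The flawed pattern: an absolute URL built from the client-supplied Host."""
    host = next((v for k, v in headers if k.lower() == "host"), "")
    return "http://" + host + path


def hardened_link(headers, path):
    """Reject unexpected Host values and build links from fixed configuration."""
    if validated_host(headers) is None:
        raise ValueError("rejected Host header")
    return CANONICAL_ORIGIN + path


if __name__ == "__main__":
    forged = [("Host", "attacker.example")]  # constructed request header
    print(vulnerable_link(forged, "/login"))
    try:
        hardened_link(forged, "/login")
    except ValueError as exc:
        print("hardened:", exc)
```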