Moxa Secure Router Improper Length Parameter Handling Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Moxa's Secure Router due to improper handling of length parameters in the HTTPS management interface. This flaw allows an unauthenticated remote attacker to send specially crafted requests that cause a buffer overflow, making the web service unresponsive. Exploitation of this vulnerability disrupts the device's normal operation, requiring a reboot to restore functionality. While this issue significantly affects the device's availability, it does not impact the confidentiality or integrity of the affected product or the subsequent system.

Impact

Exploitation of this vulnerability causes a buffer overflow that leaves the web service unresponsive, resulting in a denial-of-service condition. A device reboot is required to restore normal operation.

Remediation

Users can update to firmware version 3.24 or later. For OnCell G4302-LTE4 Series and OnCell G4308-LTE4 Series, please contact Moxa Technical Support for the security patch (v3.24.1).

Added: Apr 27, 2026, 4:22 AM
Updated: Apr 27, 2026, 4:22 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 3.1
exploitability: 7.0
remediation: 7.7
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.