CVE-2020-28144

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected Moxa secure routers by sending specially crafted requests. It affects EDR-G903, EDR-G902, and EDR-810 series devices with vulnerable firmware versions. The high CVSS score indicates critical severity requiring immediate attention.

💻 Affected Systems

Products:
  • EDR-G903 Series
  • EDR-G902 Series
  • EDR-810 Series
Versions: EDR-G903/G902: Firmware Version 5.5 or lower, EDR-810: Firmware Version 5.6 or lower
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the router allowing attackers to pivot to internal networks, intercept/modify traffic, disable security functions, or use the device as a persistent foothold.

🟠 Likely Case

Remote code execution leading to network disruption, data interception, or installation of malware/backdoors on the router.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires crafted requests but no authentication, making exploitation straightforward for attackers who discover the technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: EDR-G903/G902: Firmware Version 5.6 or higher, EDR-810: Firmware Version 5.7 or higher

Vendor Advisory: https://www.moxa.com/en/support/support/security-advisory/edr-g903-g902-810-secure-router-vulnerability

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Moxa support portal.
2. Back up the current configuration.
3. Upload and install the new firmware via the web interface or CLI.
4. Restart the device.
5. Restore the configuration if needed.

🔧 Temporary Workarounds

Network Segmentation and Access Control

Applies to: all

Restrict network access to affected devices using firewall rules and network segmentation.

Disable Unnecessary Services

Applies to: all

Disable any unnecessary management interfaces or services on the routers.

🧯 If You Can't Patch

  • Isolate affected devices in separate VLANs with strict firewall rules
  • Implement network monitoring and intrusion detection for suspicious traffic to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > System Information) or CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Confirm firmware version is EDR-G903/G902: 5.6+ or EDR-810: 5.7+
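The version check above is easy to get wrong across a fleet when models have different fix thresholds (5.6 for EDR-G903/G902, 5.7 for EDR-810). The following added example (not code from Moxa or from this advisory) reads the text of a `show version` style output, picks out the model and the dotted firmware version, and compares it against the fixed-in version for that model. The sample outputs and the `Model name : ... / Firmware Version : ...` layout are constructed assumptions; real device output may differ, so adjust the parsing to what your devices actually print.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed-in firmware versions taken from the advisory above.
# Anything strictly below the listed version is affected.
FIXED_IN: Dict[str, Tuple[int, ...]] = {
    "EDR-G903": (5, 6),
    "EDR-G902": (5, 6),
    "EDR-810": (5, 7),
}

# Constructed sample outputs (assumed layout, not captured from real devices).
SAMPLE_OUTPUTS = {
    "g903_old": "Model name : EDR-G903\nFirmware Version : 5.5 Build 19120514\n",
    "g903_new": "Model name : EDR-G903\nFirmware Version : 5.6 Build 20031200\n",
    "810_old": "Model name : EDR-810\nFirmware Version : 5.6 Build 20010101\n",
    "810_new": "Model name : EDR-810\nFirmware Version : 5.7.1 Build 20060100\n",
}

VERSION_RE = re.compile(r"\b(\d+(?:\.\d+)+)\b")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the dotted firmware version as a tuple of ints, e.g. (5, 5).

    Prefer a line mentioning 'firmware' so build numbers or serials elsewhere
    in the output are not mistaken for the version.
    """
    candidates = [ln for ln in text.splitlines() if "firmware" in ln.lower()]
    for line in candidates or [text]:
        m = VERSION_RE.search(line)
        if m:
            return tuple(int(p) for p in m.group(1).split("."))
    return None


def detect_model(text: str) -> Optional[str]:
    """Return the first known model name found in the output, if any."""
    lowered = text.lower()
    for model in FIXED_IN:
        if model.lower() in lowered:
            return model
    return None


def is_vulnerable(model: str, version: Tuple[int, ...]) -> bool:
    """True when version is below the fixed-in version for this model.

    Both tuples are zero-padded to equal length so 5.6 and 5.6.0 compare equal.
    """
    fixed = FIXED_IN[model]
    n = max(len(fixed), len(version))
    v = version + (0,) * (n - len(version))
    f = fixed + (0,) * (n - len(fixed))
    return v < f


def assess(show_version_output: str) -> dict:
    """Classify one device's 'show version' output as vulnerable, fixed or unknown."""
    model = detect_model(show_version_output)
    version = parse_version(show_version_output)
    if model is None or version is None:
        return {"model": model, "version": version, "status": "unknown"}
    status = "vulnerable" if is_vulnerable(model, version) else "fixed"
    return {"model": model, "version": version, "status": status}


if __name__ == "__main__":
    for name, output in SAMPLE_OUTPUTS.items():
        print(name, assess(output))
```

Devices whose output does not parse come back as `unknown` rather than `fixed`, so an unrecognised model or a missing version line shows up for manual follow-up instead of silently passing.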

📡 Detection & Monitoring

Log Indicators:

  • Unusual connection attempts to router management interfaces
  • Multiple failed login attempts followed by successful access
  • Unexpected configuration changes

Network Indicators:

  • Unusual outbound connections from router
  • Traffic patterns inconsistent with normal router operations
  • Port scanning originating from router

SIEM Query:

source_ip IN (router_ips) AND (event_type="configuration_change" OR event_type="unusual_access")
