Skip to main content

Pt 7528 24Tx Hv Firmware CVE-2020-6989

CRITICAL
Stack-based Buffer Overflow (CWE-121)
2020-03-24 ics-cert@hq.dhs.gov
Buffer Overflow RCE Stack Overflow Pt 7528 24Tx Hv Firmware Pt 7528 24Tx Hv Hv Firmware Pt 7528 24Tx Wv Firmware Pt 7528 24Tx Wv Hv Firmware Pt 7528 24Tx Wv Wv Firmware Pt 7528 12Msc 12Tx 4Gsfp Hv Firmware Pt 7528 12Msc 12Tx 4Gsfp Hv Hv Firmware Pt 7528 12Msc 12Tx 4Gsfp Wv Firmware Pt 7528 12Msc 12Tx 4Gsfp Wv Wv Firmware Pt 7528 12Mst 12Tx 4Gsfp Hv Firmware Pt 7528 12Mst 12Tx 4Gsfp Hv Hv Firmware Pt 7528 12Mst 12Tx 4Gsfp Wv Firmware Pt 7528 12Mst 12Tx 4Gsfp Wv Wv Firmware Pt 7528 16Msc 8Tx 4Gsfp Hv Firmware Pt 7528 16Msc 8Tx 4Gsfp Hv Hv Firmware Pt 7528 16Msc 8Tx 4Gsfp Wv Firmware Pt 7528 16Msc 8Tx 4Gsfp Wv Wv Firmware Pt 7528 16Mst 8Tx 4Gsfp Hv Firmware Pt 7528 16Mst 8Tx 4Gsfp Hv Hv Firmware Pt 7528 16Mst 8Tx 4Gsfp Wv Firmware Pt 7528 16Mst 8Tx 4Gsfp Wv Wv Firmware Pt 7528 20Msc 4Tx 4Gsfp Hv Firmware Pt 7528 20Msc 4Tx 4Gsfp Hv Hv Firmware Pt 7528 20Msc 4Tx 4Gsfp Wv Firmware Pt 7528 20Msc 4Tx 4Gsfp Wv Wv Firmware Pt 7528 20Mst 4Tx 4Gsfp Hv Firmware Pt 7528 20Mst 4Tx 4Gsfp Hv Hv Firmware Pt 7528 20Mst 4Tx 4Gsfp Wv Firmware Pt 7528 20Mst 4Tx 4Gsfp Wv Wv Firmware Pt 7528 8Msc 16Tx 4Gsfp Hv Firmware Pt 7528 8Msc 16Tx 4Gsfp Hv Hv Firmware Pt 7528 8Msc 16Tx 4Gsfp Wv Firmware Pt 7528 8Msc 16Tx 4Gsfp Wv Wv Firmware Pt 7528 8Mst 16Tx 4Gsfp Hv Firmware Pt 7528 8Mst 16Tx 4Gsfp Hv Hv Firmware Pt 7528 8Mst 16Tx 4Gsfp Wv Firmware Pt 7528 8Mst 16Tx 4Gsfp Wv Wv Firmware Pt 7528 8Ssc 16Tx 4Gsfp Hv Hv Firmware Pt 7528 8Ssc 16Tx 4Gsfp Wv Wv Firmware Pt 7828 F 24 Firmware Pt 7828 F 24 24 Firmware Pt 7828 F 24 Hv Firmware Pt 7828 F 48 Firmware Pt 7828 F 48 48 Firmware Pt 7828 F 48 Hv Firmware Pt 7828 F Hv Firmware Pt 7828 F Hv Hv Firmware Pt 7828 R 24 Firmware Pt 7828 R 24 24 Firmware Pt 7828 R 24 Hv Firmware Pt 7828 R 48 Firmware Pt 7828 R 48 48 Firmware Pt 7828 R 48 Hv Firmware Pt 7828 R Hv Firmware Pt 7828 R Hv Hv Firmware
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 24, 2020 - 19:15 nvd
CRITICAL 9.8

DescriptionNVD

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.

AnalysisAI

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-121. In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code. Affected products include: Moxa Pt-7528-24Tx-Hv Firmware, Moxa Pt-7528-24Tx-Hv-Hv Firmware, Moxa Pt-7528-24Tx-Wv Firmware, Moxa Pt-7528-24Tx-Wv-Hv Firmware, Moxa Pt-7528-24Tx-Wv-Wv Firmware. Version information: Version 4.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2020-6989 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy