CVE-2024-0387 MEDIUM

CVE-2024-0387: EDS-4000/G4000 Series IP Forwarding Vulnerability

Vendor Moxa
Product EDS-4008 Series
Weakness CWE-1188
Published February 26, 2024
Last update October 28, 2024

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests.

Key dates

02Disclosure timeline

February 26, 2024 CVE published
October 28, 2024 Record updated