Stack-Based Buffer Overflow Vulnerability Discovered in Industrial VPN
ID: 9b2a5cef-45ab-51b3-b73a-fb2839d0f8e7
STIX ID: report--9b2a5cef-45ab-51b3-b73a-fb2839d0f8e7
Feed Name: Claroty Team82
Claroty and CISA disclosed a critical stack-based buffer overflow (CVE-2020-14511, CVSS 9.8) in Moxa EDR-G902/EDR-G903 industrial VPN routers (versions ≤ 5.4) that allows an unauthenticated attacker to trigger remote code execution via an oversized HTTP cookie. Devices commonly exposed to the internet and used in critical infrastructure should be updated with vendor firmware patches or isolated/protected per CISA guidance.
