
Moxa UDP Device Discovery

Disclosed: N/A
Created: 2018-05-30

Description

The Moxa protocol listens on 4800/UDP and will respond to broadcast
or direct traffic. The service is known to be used on Moxa devices
in the NPort, OnCell, and MGate product lines.

A discovery packet compels a Moxa device to respond to the sender
with some basic device information that is needed for more advanced
functions. The discovery data is 8 bytes in length and is the most
basic example of the Moxa protocol. It may be sent out as a
broadcast (destination 255.255.255.255) or to an individual device.

Devices that respond to this query may be vulnerable to serious
information disclosure vulnerabilities, such as CVE-2016-9361.
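
From the monitoring side, the probe described above has a simple network signature: a UDP datagram to port 4800 with an 8-byte payload, sent to 255.255.255.255 or to individual hosts. The following is an added example (not part of the Metasploit module or of this page) that parses raw IPv4/UDP packets and flags broadcast probes and single-source sweeps; the sweep threshold, function names and sample packets are assumptions, and the payload is matched by length only because the page does not give its bytes.

```python
import socket
import struct
from collections import defaultdict

MOXA_PORT = 4800      # from the page: the service listens on 4800/UDP
DISCOVERY_LEN = 8     # from the page: the discovery data is 8 bytes long
SWEEP_THRESHOLD = 3   # assumption: distinct unicast targets before alerting

def parse_ipv4_udp(pkt):
    """Return (src, dst, dport, payload) for an IPv4/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:   # 17 = UDP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8:
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if ulen < 8 or len(pkt) < ihl + ulen:                   # truncated datagram
        return None
    return src, dst, dport, pkt[ihl + 8:ihl + ulen]

def find_discovery(packets):
    """Flag broadcast probes and unicast sweeps as (source, kind) tuples."""
    alerts, targets = [], defaultdict(set)
    for src, dst, dport, payload in filter(None, map(parse_ipv4_udp, packets)):
        if dport != MOXA_PORT or len(payload) != DISCOVERY_LEN:
            continue
        if dst == "255.255.255.255":
            alerts.append((src, "broadcast"))
        else:
            targets[src].add(dst)
            if len(targets[src]) == SWEEP_THRESHOLD:        # alert once per source
                alerts.append((src, "sweep"))
    return alerts

def build(src, dst, dport, payload):
    """Build a constructed IPv4/UDP test packet (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

# Constructed sample traffic; the 8 zero bytes stand in for the real probe.
PROBE = bytes(DISCOVERY_LEN)
SAMPLE = [build("10.0.0.5", "255.255.255.255", 4800, PROBE),
          build("10.0.0.7", "10.0.1.1", 53, PROBE),
          build("10.0.0.7", "10.0.1.1", 4800, b"not a probe")]
SAMPLE += [build("10.0.0.9", f"10.0.1.{i}", 4800, PROBE) for i in (1, 2, 3)]
print(find_discovery(SAMPLE))
```

Length-only matching will also flag unrelated 8-byte datagrams to 4800/UDP, so treat hits as candidates to correlate with an asset inventory of NPort, OnCell and MGate devices.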

The module is the work of Patrick DeSantis of Cisco Talos and is
derived from original work by K. Reid Wightman. Tested and validated
on a Moxa NPort 6250 with firmware versions 1.13 and 1.15.

Author

Patrick DeSantis p@t-r10t.com

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use auxiliary/scanner/scada/moxa_discover
msf auxiliary(moxa_discover) > show actions
...actions...
msf auxiliary(moxa_discover) > set ACTION <action-name>
msf auxiliary(moxa_discover) > show options
...show and set options...
msf auxiliary(moxa_discover) > run
