[VULNERABILITY ALERT] MOXA High-Risk Security Vulnerability (CVE-2023-38408), Please Confirm and Patch Promptly

POSTING DATE: 2026/01/23

Subject: [VULNERABILITY ALERT] MOXA High-Risk Security Vulnerability (CVE-2023-38408), Please Confirm and Patch Promptly

Content Description:
- Forwarded from National Information Sharing and Analysis Center (NISAC) Security Alert NISAC-200-202601-00000253
- MOXA has recently released security updates to address an Unquoted Search Path vulnerability (CVE-2023-38408) in OpenSSH for its switch devices. This vulnerability allows an unauthenticated remote attacker to execute arbitrary code remotely via the SSH agent forwarding mechanism. Please confirm and perform patching as soon as possible.
Affected Platforms:
- EDS-G4000 series firmware v4.1 and earlier
- RKS-G4000 series firmware v5.0 and earlier
Recommended Actions:
- Official security updates have been released. Please refer to the official advisory for update instructions: https://wwwmoxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches
Reference Material:
1. https://nvd.nist.gov/vuln/detail/CVE-2023-38408
2. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches

Computer and Communication Center
Network Systems Division, Respectfully