Print - 【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in MOXA (CVE-2023-38408). Please promptly verify and apply the necessary fixes.

【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in MOXA (CVE-2023-38408). Please promptly verify and apply the necessary fixes.

publish date : 2026-01-26 update date : 2026-01-26

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026011902011414	Publication Time	2026/01/19 14:15
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026/01/19 14:15
Impact Level	Medium
[Subject] 【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in MOXA (CVE-2023-38408). Please promptly verify and apply the necessary fixes.
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202601-00000253 MOXA has recently released a security update to address an OpenSSH Unquoted Search Path vulnerability (CVE-2023-38408) in its switch devices. This vulnerability allows unauthenticated remote attackers to execute arbitrary code remotely via the SSH agent forwarding mechanism. Please promptly verify and apply the necessary fixes. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] EDS-G4000 series firmware versions v4.1 and earlier RKS-G4000 series firmware versions v5.0 and earlier
[Recommended Actions] The vendor has released a security update to address this vulnerability. Please refer to the official guidance and perform the update accordingly. The URL is as follows: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2023-38408 2. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-256261-cve-2023-38408-openssh-vulnerability-in-ethernet-switches

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center