CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2019-10963 – Moxa EDR-810 - Command Injection / Information Disclosure
https://notcve.org/view.php?id=CVE-2019-10963
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. Moxa EDR 810, todas las versiones 5.1 y anteriores, permite a un atacante no autenticado poder recuperar algunos archivos de registro del dispositivo, lo que puede permitir la divulgación de información confidencial. Los archivos de registro deben haber sido previamente exportados por un usuario legítimo. Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/47536 http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html https://www.us-cert.gov/ics/advisories/icsa-19-274-03 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10969 – Moxa EDR-810 - Command Injection / Information Disclosure
https://notcve.org/view.php?id=CVE-2019-10969
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. Moxa EDR 810, todas las versiones 5.1 y anteriores, permite a un atacante autenticado abusar de la funcionalidad ping para ejecutar comandos no autorizados en el enrutador, lo que puede permitir a un atacante realizar la ejecución de código remota. Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/47536 http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html https://www.us-cert.gov/ics/advisories/icsa-19-274-03 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8346
https://notcve.org/view.php?id=CVE-2016-8346
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). Ha sido descubierto un problema en Moxa EDR-810 Industrial Secure Router. Accediendo a un localizador de recursos uniforme (URL) específico en el servidor web, un usuario malintencionado puede acceder a los archivos de configuración y de registro (PRIVILEGE ESCALATION). • http://www.securityfocus.com/bid/93800 https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01 • CWE-532: Insertion of Sensitive Information into Log File •