CVE-2017-14436
https://notcve.org/view.php?id=CVE-2017-14436
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG2.ini" without a cookie header to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474
• CWE-476: NULL Pointer Dereference
CVE-2017-14437
https://notcve.org/view.php?id=CVE-2017-14437
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_LOG.ini" without a cookie header to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474
• CWE-476: NULL Pointer Dereference
CVE-2017-14438
https://notcve.org/view.php?id=CVE-2017-14438
Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487
• CWE-20: Improper Input Validation
CVE-2017-12121
https://notcve.org/view.php?id=CVE-2017-12121
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in a root shell. An attacker can inject OS commands into the rsakey_name= parameter in the "/goform/WebRSAKEYGen" URI to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0473
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-12126
https://notcve.org/view.php?id=CVE-2017-12126
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability.
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478
• CWE-352: Cross-Site Request Forgery (CSRF)