CVE-2017-14437
https://notcve.org/view.php?id=CVE-2017-14437
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_LOG.ini" without a cookie header to trigger this vulnerability. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474 • CWE-476: NULL Pointer Dereference
CVE-2017-14438
https://notcve.org/view.php?id=CVE-2017-14438
Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487 • CWE-20: Improper Input Validation
CVE-2017-12121
https://notcve.org/view.php?id=CVE-2017-12121
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey_name= parameter in the "/goform/WebRSAKEYGen" URI to trigger this vulnerability. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0473 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-12126
https://notcve.org/view.php?id=CVE-2017-12126
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-12129
https://notcve.org/view.php?id=CVE-2017-12129
An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0481 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm