CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2017-14432
https://notcve.org/view.php?id=CVE-2017-14432
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability. Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad de servidor web de Moxa EDR-810 V4.1 build 17030317. Una petición POST especialmente manipulada puede provocar un escalado de privilegios, resultando en un shell root. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-14439
https://notcve.org/view.php?id=CVE-2017-14439
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability. Existen vulnerabilidades de denegación de servicio (DoS) explotables en la funcionalidad Service Agent de Moxa EDR-810 V4.1 build 17030317. Un paquete especialmente manipulado puede provocar una denegación de servicio (DoS). • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2017-14433
https://notcve.org/view.php?id=CVE-2017-14433
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability. Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad de servidor web de Moxa EDR-810 V4.1 build 17030317. Una petición POST especialmente manipulada puede provocar un escalado de privilegios, resultando en un shell root. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12120 – Moxa NPort W2x50A 2.1 OS Command Injection
https://notcve.org/view.php?id=CVE-2017-12120
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability. Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad de servidor web de Moxa EDR-810 V4.1 build 17030317. Una petición POST especialmente manipulada puede provocar un escalado de privilegios, resultando en un shell root. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0472 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 83%CPEs: 5EXPL: 1CVE-2017-14459 – Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection
https://notcve.org/view.php?id=CVE-2017-14459
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. Existe una vulnerabilidad explotable de inyección de comandos del sistema operativo en las funcionalidades Telnet, SSH e inicio de sesión en consola en el AP/bridge/cliente inalámbrico Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n, en versiones de firmware de la 1.4 a la 1.7 (actual). Un atacante puede inyectar comandos mediante el parámetro username de varios servicios (SSH, Telnet, consola), lo que resulta en la ejecución remota no autenticada de comandos del sistema operativo a nivel root. • https://www.exploit-db.com/exploits/44398 https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •