CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2017-14433
https://notcve.org/view.php?id=CVE-2017-14433
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability. Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad de servidor web de Moxa EDR-810 V4.1 build 17030317. Una petición POST especialmente manipulada puede provocar un escalado de privilegios, resultando en un shell root. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12120 – Moxa NPort W2x50A 2.1 OS Command Injection
https://notcve.org/view.php?id=CVE-2017-12120
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability. Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad de servidor web de Moxa EDR-810 V4.1 build 17030317. Una petición POST especialmente manipulada puede provocar un escalado de privilegios, resultando en un shell root. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0472 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8346
https://notcve.org/view.php?id=CVE-2016-8346
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). Ha sido descubierto un problema en Moxa EDR-810 Industrial Secure Router. Accediendo a un localizador de recursos uniforme (URL) específico en el servidor web, un usuario malintencionado puede acceder a los archivos de configuración y de registro (PRIVILEGE ESCALATION). • http://www.securityfocus.com/bid/93800 https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01 • CWE-532: Insertion of Sensitive Information into Log File •