CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2019-10963 – Moxa EDR-810 - Command Injection / Information Disclosure
https://notcve.org/view.php?id=CVE-2019-10963
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. Moxa EDR 810, todas las versiones 5.1 y anteriores, permite a un atacante no autenticado poder recuperar algunos archivos de registro del dispositivo, lo que puede permitir la divulgación de información confidencial. Los archivos de registro deben haber sido previamente exportados por un usuario legítimo. Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/47536 http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html https://www.us-cert.gov/ics/advisories/icsa-19-274-03 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10969 – Moxa EDR-810 - Command Injection / Information Disclosure
https://notcve.org/view.php?id=CVE-2019-10969
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. Moxa EDR 810, todas las versiones 5.1 y anteriores, permite a un atacante autenticado abusar de la funcionalidad ping para ejecutar comandos no autorizados en el enrutador, lo que puede permitir a un atacante realizar la ejecución de código remota. Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities. • https://www.exploit-db.com/exploits/47536 http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html https://www.us-cert.gov/ics/advisories/icsa-19-274-03 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2018-16282
https://notcve.org/view.php?id=CVE-2018-16282
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI. Una vulnerabilidad de inyección de comandos en la funcionalidad del servidor web de Moxa EDR-810 V4.2 build 18041013 permite que atacantes remotos ejecuten comandos arbitrarios del sistema operativo con privilegios root mediante el parámetro caname en el URI /xml/net_WebCADELETEGetValue. • https://gist.github.com/tim124058/5c4babe391a016c771d2cccabead21cb https://www.moxa.com/support/download.aspx?type=support&id=15851 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12128
https://notcve.org/view.php?id=CVE-2017-12128
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. Existe una vulnerabilidad de divulgación de información explotable en la funcionalidad Server Agent de Moxa EDR-810 V4.1 build 17030317. Un paquete TCP especialmente manipulado puede provocar la divulgación de información. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0480 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-12123
https://notcve.org/view.php?id=CVE-2017-12123
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. Existe una vulnerabilidad de transmisión de contraseñas en texto claro en las funcionalidades de servidor web y telnet de Moxa EDR-810 V4.1 build 17030317. Un atacante puede visualizar el tráfico de red para obtener la contraseña de administrador del dispositivo. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0475 • CWE-522: Insufficiently Protected Credentials •