CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2018-19659
https://notcve.org/view.php?id=CVE-2018-19659
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120. Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad del servidor web de los productos Moxa NPort W2x50A con firmware en versiones anteriores a la 2.2 Build_18082311. Una petición HTTP POST especialmente manipulada en /goform/net_WebPingGetValue puede resultar en la ejecución de comandos del sistema operativo como usuario root. • http://packetstormsecurity.com/files/150535/Moxa-NPort-W2x50A-2.1-OS-Command-Injection.html http://seclists.org/fulldisclosure/2018/Nov/64 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2018-19660 – Moxa NPort W2x50A 2.1 OS Command Injection
https://notcve.org/view.php?id=CVE-2018-19660
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user. Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad del servidor web de los productos Moxa NPort W2x50A con firmware en versiones anteriores a la 2.2 Build_18082311. Una petición HTTP POST especialmente manipulada en /goform/webSettingProfileSecurity puede resultar en la ejecución de comandos del sistema operativo como usuario root. Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities. • http://packetstormsecurity.com/files/150535/Moxa-NPort-W2x50A-2.1-OS-Command-Injection.html http://seclists.org/fulldisclosure/2018/Nov/64 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •