CVE-2017-14434
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability.
Existe una vulnerabilidad de inyección de comandos explotable en la funcionalidad de servidor web de Moxa EDR-810 V4.1 build 17030317. Una petición POST especialmente manipulada puede provocar un escalado de privilegios, resultando en un shell root. Un atacante puede inyectar comandos de sistema operativo en el parámetro remoteNetmask0= en el URI "/goform/net\_Web\_get_value" para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-13 CVE Reserved
- 2018-05-14 CVE Published
- 2023-07-08 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Moxa Search vendor "Moxa" | Edr-810 Firmware Search vendor "Moxa" for product "Edr-810 Firmware" | 4.1 Search vendor "Moxa" for product "Edr-810 Firmware" and version "4.1" | - |
Affected
| in | Moxa Search vendor "Moxa" | Edr-810 Search vendor "Moxa" for product "Edr-810" | - | - |
Safe
|