Lucene search
PRIOn knowledge basePRION:CVE-2017-12120HistoryMay 14, 2018 - 8:29 p.m.
Command injection
2018-05-1420:29:00
PRIOn knowledge base
www.prio-n.com
3
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the “/goform/net_WebPingGetValue” URI to trigger this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| edr-810_firmware | eq | 4.1 |
Related
talos
talos
Moxa EDR-810 Web Server ping Command Injection Vulnerability
2018-04-13 00:00:00
nessus
nessus
cvelist
cvelist
CVE-2017-12120
2018-04-13 00:00:00
CVE-2018-19659
2018-12-06 23:00:00
nvd
nvd
CVE-2017-12120
2018-05-14 20:29:00
CVE-2018-19659
2018-12-06 23:29:01
cve
cve
CVE-2017-12120
2018-05-14 20:29:00
CVE-2018-19659
2018-12-06 23:29:01
seebug
seebug
Moxa EDR-810 Web Server ping Command Injection Vulnerability(CVE-2017-12120)
2018-04-16 00:00:00
prion
prion
Command injection
2018-12-06 23:29:00
zdt
zdt
Moxa NPort W2x50A 2.1 OS Command Injection Vulnerability
2018-12-01 00:00:00
packetstorm
packetstorm
Moxa NPort W2x50A 2.1 OS Command Injection
2018-11-29 00:00:00
talosblog
talosblog