Lucene search
K

423 matches found

Prion
Prion
added 2023/10/03 1:15 a.m.19 views

Cross site scripting

Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 a...

4.9CVSS5.3AI score0.00303EPSS
Exploits0References2Affected Software12
Prion
Prion
added 2023/10/03 1:15 a.m.19 views

Command injection

OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows:...

6.5CVSS8.8AI score0.01286EPSS
Exploits0References2Affected Software14
Vulnrichment
Vulnrichment
added 2023/10/03 12:14 a.m.10 views

CVE-2023-39429

Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 a...

6.4AI score0.00303EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/03 12:12 a.m.7 views

CVE-2023-39222

OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows:...

7.6AI score0.01286EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.19 views

Moxa EDR-810 Service Agent Denial of Service (CVE-2017-14439)

Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability. This plugin only works with...

7.5CVSS7.4AI score0.01739EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.12 views

Moxa EDR-810 Web Server Cross-Site Request Forgery (CVE-2017-12126)

An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. This plugin only works wit...

8.8CVSS7.7AI score0.01011EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.11 views

Moxa EDR-810 Web Server strcmp Denial of Service (CVE-2017-14435)

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to /MOXA\CFG.ini without a cookie header ...

7.5CVSS7.3AI score0.0219EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.16 views

Moxa EDR-810 Service Agent Denial of Service (CVE-2017-14438)

Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability. This plugin only works with...

7.5CVSS7.4AI score0.01944EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.16 views

Moxa EDR-810 Web Server strcmp Denial of Service (CVE-2017-14436)

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to /MOXA\CFG2.ini without a cookie header...

7.5CVSS7.4AI score0.0219EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.13 views

Moxa EDR-810 Web Server Certificate Signing Request Command Injection (CVE-2017-12125)

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the /goform/netWebCSRGen uri t...

9CVSS8.1AI score0.04024EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.11 views

Moxa EDR-810 Web Server strcmp Denial of Service (CVE-2017-14437)

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to /MOXA\LOG.ini without a cookie header ...

7.5CVSS7.4AI score0.0219EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.13 views

Moxa EDR-810 Cleartext Transmission of Password (CVE-2017-12123)

An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. Th...

8.8CVSS6.6AI score0.01049EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.17 views

Moxa (CVE-2020-28144)

Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code...

9.8CVSS7.4AI score0.02141EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.13 views

Moxa EDR-810 Web RSA Key Generation Command Injection (CVE-2017-12121)

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\name= parm in the...

9CVSS8.1AI score0.04328EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.13 views

Moxa EDR-810 Web Server OpenVPN Config Command Injection (CVE-2017-14432)

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...

9CVSS8.1AI score0.04493EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.14 views

Moxa EDR-810 Web Server Weak Cryptography for Passwords (CVE-2017-12129)

An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. This plugin only works with Tenable.ot. Please visit...

8CVSS5.6AI score0.0071EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.24 views

Moxa EDR 810 Series Improper Input Validation (CVE-2019-10969)

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. This plugin only works with Tenable.ot. Please visit...

7.2CVSS7.2AI score0.08747EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.16 views

Moxa EDR-810 Web Server OpenVPN Config Command Injection (CVE-2017-14434)

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the...

9CVSS8.2AI score0.04493EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.9 views

Moxa EDR-810 Web Server URI Denial of Service (CVE-2017-12124)

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. This...

7.5CVSS6.9AI score0.01882EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.10 views

Moxa EDR-810 Plaintext Password Storage (CVE-2017-12127)

A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

4.4CVSS5.1AI score0.0044EPSS
Exploits2References2
Rows per page
Query Builder