Moxa EDR-810 Cross-Site Request Forgery Vulnerability

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A cross-site request forgery vulnerability exists in the web server functionality of the Moxa EDR-810 V4.1 build 17030317. An attacker can exploit this...

Moxa EDR-810 Information Disclosure Vulnerability

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. An information disclosure vulnerability exists in the server proxy feature of the Moxa EDR-810 V4.1 build 17030317. An attacker can exploit this...

Moxa EDR-810 Denial of Service Vulnerability

Moxa EDR-810 is a security router with both firewall and VPN functions from Moxa. A denial of service vulnerability exists in the Web server feature of the Moxa EDR-810 version 4.1 build 17030317. The vulnerability can be exploited to cause a denial of service Web server crash by sending a...

CVE-2017-12128

An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability...

CVE-2017-12126

An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability...

CVE-2017-12127

A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device...

CVE-2017-12120

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...

CVE-2017-14434

Summary: CVE-2017-14434 affects Moxa EDR-810 Web Server (V4.1 build 17030317). The vulnerability is a command injection in the web server’s OpenVPN config endpoint, exploitable after logging in via HTTP POST to /goform/net_Web_get_value, specifically through the remoteNetmask0 parameter, allowing...

CVE-2017-12126

An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability...

PT-2018-5633 · Moxa · Moxa Edr-810

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing for privilege escalation to root shell. This can be triggered by a specially crafted HTTP POST, where an attacker...