5 matches found
Moxa EDR-810 Web Server ping Command Injection (CVE-2017-12120)
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...
Command injection
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build18082311. A specially crafted HTTP POST request to /goform/netWebPingGetValue can result in running OS commands as the root user. This is...
CVE-2017-12120
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...
CVE-2017-12120
CVE-2017-12120 affects Moxa EDR-810 Web Ping functionality in firmware build 17030317. A crafted HTTP POST to /goform/net_WebPingGetValue allows OS command injection via the ip= parameter, enabling privilege escalation to a root shell. Affected product is the Moxa EDR-810; impact includes potenti...
Moxa EDR-810 Web Server ping Command Injection Vulnerability(CVE-2017-12120)
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...