3 matches found
Moxa EDR-810 Web RSA Key Generation Command Injection (CVE-2017-12121)
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\name= parm in the...
CVE-2017-12121
The CVE-2017-12121 issue affects Moxa EDR-810 Web RSA Key Generation functionality. Talos reports a command-injection in the rsakey_name parameter of the /goform/WebRSAKEYGen POST, enabling privilege escalation to root when authenticated. A root shell can be obtained via crafted input; affected p...
Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability(CVE-2017-12121)
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...