3 matches found
Moxa EDR-810 Web Server Certificate Signing Request Command Injection (CVE-2017-12125)
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the /goform/netWebCSRGen uri t...
CVE-2017-12125
CVE-2017-12125 affects Moxa EDR-810 Web Server (V4.1, build 17030317). A crafted HTTP POST to /goform/net_WebCSRGen allows OS command injection via the CN parameter, enabling privilege escalation to a root shell. Public references (Talos/Talos blog, NVD, NASL plugin) describe the same vulnerabili...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability(CVE-2017-12125)
Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the...