Moxa EDR-810 Web Server OpenVPN Config Command Injection (CVE-2017-14432)

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...

CVE-2017-14432

CVE-2017-14432 affects Moxa EDR-810 (V4.1, build 17030317). The web server allows command injection via POST to /goform/net_Web_get_value, injecting commands into openvpnServer0_tmp= and escalating privileges to root after authentication. Talos notes four related CVEs culminated in root-shell acc...

Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities(CVE-2017-14432 - CVE-2017-14434)

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various paramaters in the...

Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities

Summary An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various paramaters in the...