Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAndrea Micalizzi (rgod)ZDI-15-453
HistorySep 29, 2015 - 12:00 a.m.

(0Day) Moxa OnCell Central Manager Server RequestController Static Credentials Remote Code Execution Vulnerability

2015-09-2900:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
16

EPSS

0.229

Percentile

96.6%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa OnCell Central Manager Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RequestController class. The specific flaw exists within the login() function which contains hard-coded credentials. An attacker can exploit this condition to take full control of the product and achieve code execution on all managed hosts.

Related

cvelist 1
prion 1
cve 1
nvd 1
ics 1
cvelist
cvelist
CVE-2015-6481
2015-12-21 11:00:00
prion
prion
Hardcoded credentials
2015-12-21 11:59:00
cve
cve
CVE-2015-6481
2015-12-21 11:59:06
nvd
nvd
CVE-2015-6481
2015-12-21 11:59:06
ics
ics
Moxa OnCell Central Manager Vulnerabilities
2018-08-27 12:00:00

EPSS

0.229

Percentile

96.6%

JSON
Related for ZDI-15-453
cvelist1prion1cve1nvd1ics1