Filtered by vendor Moxa
Subscriptions
Filtered by product Edr-810
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12123 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 8.8 High |
| An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. | ||||
| CVE-2017-12121 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 8.8 High |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability. | ||||
| CVE-2017-12120 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 8.8 High |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability. | ||||
| CVE-2016-8346 | 1 Moxa | 3 Edr-810, Edr-810-vpn, Edr-810 Firmware | 2024-11-21 | N/A |
| An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). | ||||