First published: Mon May 14 2018(Updated: )
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moxa Edr-810 Firmware | =4.1 | |
Moxa EDR-810 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.