CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-12125

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/net_WebCSRGen" uri to trigger this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0477
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0477

Products affected by CVE-2017-12125

Moxa » Edr-810 » Version: N/A

cpe:2.3:h:moxa:edr-810:-
Moxa » Edr-810 Firmware » Version: 4.1

cpe:2.3:o:moxa:edr-810_firmware:4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-12125

Products

Pricing

Contact Us