Vulnerability Details CVE-2019-10969
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.8%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html
- https://www.us-cert.gov/ics/advisories/icsa-19-274-03
- http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html
- https://www.us-cert.gov/ics/advisories/icsa-19-274-03
Products affected by CVE-2019-10969
-
cpe:2.3:h:moxa:edr-810:-
-
cpe:2.3:o:moxa:edr-810_firmware:3.12
-
cpe:2.3:o:moxa:edr-810_firmware:4.1
-
cpe:2.3:o:moxa:edr-810_firmware:4.2
-
cpe:2.3:o:moxa:edr-810_firmware:5.1