Vulnerabilities > CVE-2017-12124 - NULL Pointer Dereference vulnerability in Moxa Edr-810 Firmware 4.1

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
moxa
CWE-476

Summary

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
OS
Moxa
1
Hardware
Moxa
1

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
description### Summary An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. ### Tested Versions Moxa EDR-810 V4.1 build 17030317 ### Product URLs https://www.moxa.com/product/EDR-810.htm ### CVSSv3 Score 7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ### CWE CWE-20 - Improper Input Validation ### Details When the web server is processing HTTP requests it checks the first character of the URI for a / (0x2F). If the first character is not a 0x2F the service will crash. ``` .text:00061460 LDR R3, [R11,#s1] .text:00061464 LDRB R3, [R3] .text:00061468 CMP R3, #0x2F ; '/' .text:0006146C BEQ loc_61454 ``` ### Exploit Proof-of-Concept ``` echo 'GET A HTTP/1.1' | nc -nv 192.168.127.254 80 ``` ### Timeline * 2017-11-15 - Vendor Disclosure * 2017-11-19 - Vendor Acknowledged * 2017-12-25 - Vendor provided timeline for fix (Feb 2018) * 2018-01-04 - Timeline pushed to mid-March per vendor * 2018-03-24 - Talos follow up with vendor for release timeline * 2018-03-26 - Timeline pushed to 4/13/18 per vendor * 2018-04-12 - Vendor patched & published new firmware on website * 2018-04-13 - Public Release
idSSV:97228
last seen2018-06-26
modified2018-04-16
published2018-04-16
reporterMy Seebug
sourcehttps://www.seebug.org/vuldb/ssvid-97228
titleMoxa EDR-810 Web Server URI Denial of Service Vulnerability(CVE-2017-12124)

Talos

idTALOS-2017-0476
last seen2019-05-29
published2018-04-13
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0476
titleMoxa EDR-810 Web Server URI Denial of Service Vulnerability