Vulnerabilities > Moxa > EDR 810 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-10-08 CVE-2019-10969 Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1/4.2/5.1
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
network
low complexity
moxa CWE-20
6.5
6.5
2019-10-08 CVE-2019-10963 Unspecified vulnerability in Moxa Edr-810 Firmware
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure.
network
moxa
4.3
4.3
2018-09-20 CVE-2018-16282 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.2
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
network
low complexity
moxa CWE-78
critical
 9.0
9.0
2018-05-14 CVE-2017-14439 Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-20
7.5
7.5
2018-05-14 CVE-2017-14438 Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-20
7.5
7.5
2018-05-14 CVE-2017-14437 NULL Pointer Dereference vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-476
7.5
7.5
2018-05-14 CVE-2017-14436 NULL Pointer Dereference vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-476
7.5
7.5
2018-05-14 CVE-2017-14435 NULL Pointer Dereference vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-476
7.5
7.5
2018-05-14 CVE-2017-14434 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8
8.8
2018-05-14 CVE-2017-14433 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8
8.8