CVE-2019-10963

MEDIUM

Moxa EDR-810 Firmware < 5.1 - Unauthenticated Sensitive Information Disclosure via Log File Retrieval

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-10963.

AI-analyzed exploit summary The document details two vulnerabilities in Moxa EDR-810 Series Secure Routers: a command injection in the CLI (CVE-2019-10969) allowing authenticated users to obtain root privileges via the ping feature, and an improper access control issue (CVE-2019-10963) enabling unauthenticated retrieval of log files from the web server. It includes technical details, exploitation steps, and mitigation recommendations.

Description

Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.

Exploits (1)

exploitdb WRITEUP

remotehardware

https://www.exploit-db.com/exploits/47536

View Code ZIP pw:eip

The document details two vulnerabilities in Moxa EDR-810 Series Secure Routers: a command injection in the CLI (CVE-2019-10969) allowing authenticated users to obtain root privileges via the ping feature, and an improper access control issue (CVE-2019-10963) enabling unauthenticated retrieval of log files from the web server. It includes technical details, exploitation steps, and mitigation recommendations.

Classification

Writeup 100%

Attack Type

Rce | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Moxa EDR-810 Series Secure Routers, versions 5.1 and prior

Auth required

Prerequisites: Authenticated access (admin/configadmin) for CVE-2019-10969 · Log files exported by a legitimate user for CVE-2019-10963

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://www.us-cert.gov/ics/advisories/icsa-19-274-03

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html

Scores

CVSS v3 4.3

EPSS 0.0634

EPSS Percentile 92.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE

CWE-321

Status published

Products (1)

moxa/edr-810_firmware < 5.1

Published Oct 08, 2019

Tracked Since Feb 18, 2026