CVE-2019-10969

HIGH

Moxa EDR-810 Firmware <= 5.1 - Authenticated Remote Code Execution via Ping Feature

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-10969. PoCs published by RandoriSec.

AI-analyzed exploit summary The document describes two vulnerabilities in Moxa EDR-810 Series Secure Routers: a command injection in the CLI (CVE-2019-10969) allowing authenticated users to obtain a root shell, and an improper access control issue (CVE-2019-10963) enabling unauthenticated retrieval of log files. Exploitation details and mitigation steps are provided.

Description

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.

Exploits (1)

exploitdb WRITEUP

by RandoriSec · textremotehardware

https://www.exploit-db.com/exploits/47536

View Code ZIP pw:eip

The document describes two vulnerabilities in Moxa EDR-810 Series Secure Routers: a command injection in the CLI (CVE-2019-10969) allowing authenticated users to obtain a root shell, and an improper access control issue (CVE-2019-10963) enabling unauthenticated retrieval of log files. Exploitation details and mitigation steps are provided.

Classification

Writeup 100%

Attack Type

Rce | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Moxa EDR-810 Series Secure Routers, versions 5.1 and prior

Auth required

Prerequisites: Authenticated access to CLI (admin or configadmin privileges) for CVE-2019-10969 · Log files exported by a legitimate user for CVE-2019-10963

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1040 - Network Sniffing T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://www.us-cert.gov/ics/advisories/icsa-19-274-03

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html

Scores

CVSS v3 7.2

EPSS 0.0875

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

moxa/edr-810_firmware < 5.1

Published Oct 08, 2019

Tracked Since Feb 18, 2026