CVE-2019-10969

HIGH

Moxa Edr-810 Firmware < 5.1 - Improper Input Validation

Title source: rule

Description

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.

Exploits (1)

exploitdb WRITEUP

by RandoriSec · textremotehardware

https://www.exploit-db.com/exploits/47536

View Code ZIP pw:eip

References (2)

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsa-19-274-03

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Information-Disclosure.html

Scores

CVSS v3 7.2

EPSS 0.0491

EPSS Percentile 89.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

moxa/edr-810_firmware < 5.1

Published Oct 08, 2019

Tracked Since Feb 18, 2026