Mehrere Schwachstellen in Moxa NPort W2x50A products

Posted by: CERT USER 5 years, 11 months ago

Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS Command Injection vulnerabilities (incl. PoC)

Maxim Khazov via Fulldisclosure:

Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS
Command Injection vulnerabilities:

#1 Authenticated OS Command Injection in web server ping functionality

Reserverd CVE ID: CVE-2018-19659

A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root
user. Exploitation required authentication. This is similar to CVE-2017-12120.
......

Link to the complete advisory

Mehrere Schwachstellen in Moxa NPort W2x50A products

Posted by: CERT USER 5 years, 11 months ago

Recent Posts

Archive

2024

2023

2022

2021

2020

2019

2018

2017

Categories

Tags

Feeds