Command Injection Vulnerability in Moxa EDR 810 Router
CVE-2019-10969

7.2HIGH

Key Information:

Vendor: Moxa
Status: Moxa Edr 810
Vendor: CVE Published:; 8 October 2019

Summary

The Moxa EDR 810 router, in all versions up to 5.1, is susceptible to a command injection vulnerability that allows authenticated attackers to exploit the ping feature. By leveraging this flaw, an attacker can send unauthorized commands to the router, potentially leading to remote code execution. This vulnerability raises significant security concerns as it can compromise the integrity and functionality of the device.

Affected Version(s)

Moxa EDR 810 All versions 5.1 and prior

References

https://www.us-cert.gov/ics/advisories/icsa-19-274-03

x_refsource_MISC

http://packetstormsecurity.com/files/154943/Moxa-EDR-810-...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2019
Vulnerability Reserved
Apr 8, 2019