Описание
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.2 (исключая)
Одновременно
cpe:2.3:o:moxa:nport_w2x50a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:nport_w2x50a:-:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02219
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
EPSS
Процентиль: 84%
0.02219
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78