Vulnerability Description
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Edr-810 Firmware | <= 5.1 |
| Moxa | Edr-810 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Infor
- https://www.us-cert.gov/ics/advisories/icsa-19-274-03Third Party AdvisoryUS Government Resource
- http://packetstormsecurity.com/files/154943/Moxa-EDR-810-Command-Injection-Infor
- https://www.us-cert.gov/ics/advisories/icsa-19-274-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-10969?
CVE-2019-10969 is a vulnerability with a CVSS score of 7.2 (HIGH). Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code ...
How severe is CVE-2019-10969?
CVE-2019-10969 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10969?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Edr-810 Firmware, Moxa Edr-810.