SB2018041804 - Multiple vulnerabilities in Moxa EDR-810




Published: April 18, 2018

Security Bulletin ID: SB2018041804
Severity: Low
Patch available: YES
Number of vulnerabilities: 17
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 17 security vulnerabilities.


1) OS command injection (CVE-ID: CVE-2017-12120)

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST request that injects commands into the ip= parameter of the "/goform/net_WebPingGetValue" URI and execute arbitrary commands with root privileges.
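A hardened way to handle an ip= form field like the one above, as an added example rather than Moxa's firmware code: the value is percent-decoded, accepted only if it parses as a strict IPv4 address, and placed in an argument vector for execv() so no shell ever sees it. The function names, the ping arguments and the sample POST bodies are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode form field `name` into out; -1 if missing, malformed or too long. */
static int form_value(const char *body, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name), n = 0;
    for (const char *p = body; p && *p; p = strchr(p, '&'), p = p ? p + 1 : NULL) {
        if (strncmp(p, name, nlen) != 0 || p[nlen] != '=')
            continue;
        for (p += nlen + 1; *p && *p != '&'; p++) {
            char c = (*p == '+') ? ' ' : *p;
            if (c == '%') {
                if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2]))
                    return -1;
                char hex[3] = { p[1], p[2], '\0' };
                c = (char)strtol(hex, NULL, 16);
                p += 2;
            }
            if (c == '\0' || n + 1 >= outlen)   /* no embedded NUL, no overflow */
                return -1;
            out[n++] = c;
        }
        out[n] = '\0';
        return 0;
    }
    return -1;
}

/* Fill argv for execv() only if ip= is a strict dotted-quad IPv4 address. */
int build_ping_argv(const char *body, char *ip, size_t iplen, const char *argv[5])
{
    struct in_addr addr;
    if (form_value(body, "ip", ip, iplen) != 0 || inet_pton(AF_INET, ip, &addr) != 1)
        return -1;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "4"; argv[3] = ip; argv[4] = NULL;
    return 0;
}

int main(void)
{
    const char *bodies[] = { "ip=192.168.127.254&x=1", "ip=10.0.0.1%3Bid" }; /* constructed */
    char ip[INET_ADDRSTRLEN]; const char *argv[5];
    for (int i = 0; i < 2; i++)
        printf("%s -> %s\n", bodies[i], build_ping_argv(bodies[i], ip, sizeof ip, argv) ? "rejected" : "accepted");
    return 0;
}
```

The same allow-list-then-argv pattern applies to the other injectable fields in this bulletin, with a validator suited to each field's expected format.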

2) OS command injection (CVE-ID: CVE-2017-14432)

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST request to the "/goform/net_Web_get_value" URI and execute arbitrary commands with root privileges.

3) OS command injection (CVE-ID: CVE-2017-14433)

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST request to the "/goform/net_Web_get_value" URI and execute arbitrary commands with root privileges.

4) OS command injection (CVE-ID: CVE-2017-14434)

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST request to the "/goform/net_Web_get_value" URI and execute arbitrary commands with root privileges.

5) Weak cryptography for passwords (CVE-ID: CVE-2017-12129)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the web server functionality due to weak cryptography for passwords. A remote attacker can intercept weakly encrypted passwords and brute force them.

6) OS command injection (CVE-ID: CVE-2017-12121)

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST request that injects commands into the rsakey_name= parameter of the "/goform/WebRSAKEYGen" URI and execute arbitrary commands with root privileges.

7) Improper input validation (CVE-ID: CVE-2017-14438)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the Service Agent functionality due to improper input validation. A remote attacker can submit a specially crafted packet to 4000/tcp and 4001/tcp and cause the service to crash.

8) Improper input validation (CVE-ID: CVE-2017-14439)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the Service Agent functionality due to improper input validation. A remote attacker can submit a specially crafted packet to 4000/tcp and 4001/tcp and cause the service to crash.

9) NULL pointer dereference (CVE-ID: CVE-2017-14435)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted GET request to "/MOXA_LOG.ini", "/MOXA_CFG.ini" or "/MOXA_CFG2.ini" without a cookie header and cause the service to crash.

10) NULL pointer dereference (CVE-ID: CVE-2017-14436)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted GET request to "/MOXA_LOG.ini", "/MOXA_CFG.ini" or "/MOXA_CFG2.ini" without a cookie header and cause the service to crash.

11) NULL pointer dereference (CVE-ID: CVE-2017-14437)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted GET request to "/MOXA_LOG.ini", "/MOXA_CFG.ini" or "/MOXA_CFG2.ini" without a cookie header and cause the service to crash.

12) Cleartext transmission of sensitive information (CVE-ID: CVE-2017-12123)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the web server and telnet functionality due to cleartext transmission of the password. A remote attacker can observe network traffic to obtain the admin password for the device, use the credentials to log in as admin and gain access to potentially sensitive information.

13) NULL pointer dereference (CVE-ID: CVE-2017-12124)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the web server functionality due to NULL pointer dereference. A remote attacker can submit a specially crafted HTTP URI and cause the service to crash.

14) OS command injection (CVE-ID: CVE-2017-12125)

The vulnerability allows a remote attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the web server functionality due to OS command injection. A remote attacker can submit a specially crafted HTTP POST request that injects commands into the CN= parameter of the "/goform/net_WebCSRGen" URI and execute arbitrary commands with root privileges.

15) Information disclosure (CVE-ID: CVE-2017-12128)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the Server Agent functionality due to improper information control. A remote attacker can submit a specially crafted TCP packet and gain access to potentially sensitive information.

16) Cross-site request forgery (CVE-ID: CVE-2017-12126)

The vulnerability allows a remote attacker to conduct a cross-site request forgery attack and gain elevated privileges on the target system.

The weakness exists in the web server functionality due to insufficient CSRF protections. A remote attacker can submit specially crafted HTML and gain root privileges.

17) Plaintext storage of a password (CVE-ID: CVE-2017-12127)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in the operating system functionality due to plaintext storage of a password. A local attacker can extract passwords in clear text.

Remediation

Install the update from the vendor's website.