Privilege escalation in Moxa EDR-810 - CVE-2016-8346
Published: October 20, 2016 / Updated: October 21, 2016
Vulnerability identifier: #VU1035
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-8346
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
Moxa EDR-810
Moxa EDR-810
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to gain elevated privileges on the target system.
The weakness is due to improper security limitations. By obtaining a specific URL on the web server, attackers can access system configuration and log files that may lead to further attacks.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
The weakness is due to improper security limitations. By obtaining a specific URL on the web server, attackers can access system configuration and log files that may lead to further attacks.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
How to mitigate CVE-2016-8346
Update to version 3.13.