Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-10963Use of Hard-coded Cryptographic Key in Edr-810 Firmware

CWE-321Use of Hard-coded Cryptographic Key4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
3.1%
top 13.14%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Moxa Edr-810 Firmware
Timeline
PublishedOct 8
Latest updateMay 24

Description

Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8gff-6cc3-2wfw: Moxa EDR 810, all versions 52022-05-24
CVEList
CVE-2019-10963: Moxa EDR 810, all versions 52019-10-08

💥Exploits & PoCs

1
Exploit-DB
Moxa EDR-810 - Command Injection / Information Disclosure2019-10-22
CVE-2019-10963 — Use of Hard-coded Cryptographic Key | cvebase