Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-10969Improper Input Validation in Edr-810 Firmware

CWE-20Improper Input Validation5 documents5 sources
Severity
7.2HIGHNVD
EPSS
4.9%
top 10.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Moxa Edr-810 Firmware
Timeline
PublishedOct 8
Latest updateMay 24

Description

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-vj73-6vqh-xccv: Moxa EDR 810, all versions 52022-05-24
OSV
jackson-databind vulnerabilities2021-03-15
CVEList
CVE-2019-10969: Moxa EDR 810, all versions 52019-10-08

💥Exploits & PoCs

1
Exploit-DB
Moxa EDR-810 - Command Injection / Information Disclosure2019-10-22
CVE-2019-10969 — Improper Input Validation | cvebase