Commmand injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the "caname" parameter in the "/xml/net_WebCADELETEGetValue" uri.
Created
September 19, 2018 09:50
-
-
Save tim124058/5c4babe391a016c771d2cccabead21cb to your computer and use it in GitHub Desktop.
CVE-2018-16282:EDR-810 Remote Code Execution
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
POC:
An authenticated attacker can use HTTP GET request to remotely execute arbitrary OS commands with ROOT privilege.
like this :
BUT if replace
/goform/
to/xml/
,the remote attacker can use ROOT privilege to execute arbitrary OS commands without any authentication.
like this :
Test payload:
If the page takes about 5 seconds to load, it means that it will be affected by this vulnerability.
Get shell:
Attacker can execute arbitrary OS commands with root privilege.