Tim124058

**Name of the Vulnerable Software and Affected Versions** Moxa EDR-810 version 4.2 build 18041013 **Description** A command injection issue in the web server functionality allows remote attackers to execute arbitrary OS commands with root privilege. This is achieved via the `caname` parameter to the "/xml/net WebCADELETEGetValue" API endpoint. **Recommendations** For Moxa EDR-810 version 4.2 build 18041013, avoid using the `caname` parameter in the "/xml/net WebCADELETEGetValue" API endpoint until the issue is resolved. Restrict access to this endpoint to minimize the risk of exploitation.