PT-2018-5366 · Moxa · Moxa Edr-810
Published: 2018-05-14 · Updated: 2022-12-09
CVE-2017-12125
CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Moxa EDR-810 version 4.1 build 17030317
Description
A command injection issue exists in the web server functionality, allowing a specially crafted HTTP POST to cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the CN parameter in the "/goform/net WebCSRGen" API endpoint to trigger this issue.
Recommendations
For Moxa EDR-810 version 4.1 build 17030317, as a temporary workaround, consider restricting access to the "/goform/net WebCSRGen" API endpoint and avoid using the CN parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Moxa Edr-810