PT-2018-5633 · Moxa · Moxa Edr-810

Published: 2018-05-14 · Updated: 2022-12-09 · CVE-2017-14432

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317
Description: A command injection issue exists in the web server functionality, allowing privilege escalation to a root shell. It can be triggered by a specially crafted HTTP POST request in which an attacker injects OS commands into the `openvpnServer0_tmp=` parameter of the "/goform/net_Web_get_value" URI.
Recommendations: For Moxa EDR-810 version 4.1 build 17030317, consider restricting access to the "/goform/net_Web_get_value" URI to minimize the risk of exploitation. Avoid using the `openvpnServer0_tmp=` parameter in this URI until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2017-14432

Affected Products

Moxa Edr-810