CVE-2017-14434

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317

Description: A command injection issue exists in the web server functionality, allowing for privilege escalation to root shell. This can be triggered by injecting OS commands into the remoteNetmask0 parameter in the "/goform/net Web get value" API endpoint via a specially crafted HTTP POST request.

Recommendations: For Moxa EDR-810 version 4.1 build 17030317, consider restricting access to the "/goform/net Web get value" API endpoint to minimize the risk of exploitation. Avoid using the remoteNetmask0 parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.