CVE-2021-39279

Name of the Vulnerable Software and Affected Versions MOXA WAC-2004 version 1.7 MOXA WAC-1001 version 2.1 MOXA WAC-1001-T version 2.1 MOXA OnCell G3470A-LTE-EU version 1.7 MOXA OnCell G3470A-LTE-EU-T version 1.7 MOXA TAP-323-EU-CT-T version 1.3 MOXA TAP-323-US-CT-T version 1.3 MOXA TAP-323-JP-CT-T version 1.3 MOXA WDR-3124A-EU version 2.3 MOXA WDR-3124A-EU-T version 2.3 MOXA WDR-3124A-US version 2.3 MOXA WDR-3124A-US-T version 2.3

Description The issue is related to authenticated command injection via the "/forms/web importTFTP" endpoint. This allows a remote attacker to elevate their privileges by exploiting the lack of measures to neutralize special elements used in operating system commands.

Recommendations For MOXA WAC-2004 version 1.7, consider disabling access to the "/forms/web importTFTP" endpoint until a patch is available. For MOXA WAC-1001 version 2.1, restrict access to the "/forms/web importTFTP" endpoint to minimize the risk of exploitation. For MOXA WAC-1001-T version 2.1, avoid using the "/forms/web importTFTP" endpoint until the issue is resolved. For MOXA OnCell G3470A-LTE-EU version 1.7, temporarily disable the "/forms/web importTFTP" endpoint. For MOXA OnCell G3470A-LTE-EU-T version 1.7, restrict access to the "/forms/web importTFTP" endpoint. For MOXA TAP-323-EU-CT-T version 1.3, consider disabling the "/forms/web importTFTP" endpoint. For MOXA TAP-323-US-CT-T version 1.3, avoid using the "/forms/web importTFTP" endpoint. For MOXA TAP-323-JP-CT-T version 1.3, restrict access to the "/forms/web importTFTP" endpoint. For MOXA WDR-3124A-EU version 2.3, temporarily disable the "/forms/web importTFTP" endpoint. For MOXA WDR-3124A-EU-T version 2.3, restrict access to the "/forms/web importTFTP" endpoint. For MOXA WDR-3124A-US version 2.3, consider disabling the "/forms/web importTFTP" endpoint. For MOXA WDR-3124A-US-T version 2.3, avoid using the "/forms/web importTFTP" endpoint until the issue is resolved.