cpe:/o:moxa:edr-810_firmware:4.1 CVE-2017-14432 2018-05-14T16:29:00.687-04:00 2018-06-15T14:56:41.027-04:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2018-06-15T13:14:58.523-04:00 MISC https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482 An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability.