Moxa EDR 810 Series vulnerabilities - Kubernetes WAF | K8 Web Application Firewall | k8 Microservices Security

Common Vulnerabilities and Exposures

Moxa EDR 810 Series vulnerabilities

October 9, 2019

Overview :

Moxa EDR 810 Series Improper Input Validation and Improper Access Control vulnerabilities

Affected Product(s) :

EDR-810: All versions 5.1 and prior

Vulnerability Details :

CVE ID :	CVE-2019-10963
	Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. CVE-2019-10963 has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).
CVE ID :	CVE-2019-10969
	Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. CVE-2019-10969 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Solution :
Moxa recommends users upgrade to the latest firmware, v5.2 or later.

CVE-2019-10963 CVE-2019-10969 Improper Access Control Improper Input Validation Moxa EDR 810 Series

Advanced Machine Learning Based Web Security Solution

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

100%

The security of your details is important to us. Prophaze Technologies collects a variety of data that you provide directly to us. The types of data we gather will depend upon the services you use, how you use them, and what you choose to provide. We process your details when necessary to provide you with the services that you have requested when accepting our Terms of Services or when we have the legitimate interest(security, testing, analytics, and so on) to do so please checkout our page.

Demo Request Form

Overlay Image

100% Advanced Machine Learning Based Bot Management Solution

Demo Request Form

Sign up Now and Get Instant Access

All in One Web Security Platform

Overlay Image

Sign up Now and Get Instant Access

Overlay Image

Are you under attack?

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

The security of your details is important to us. Prophaze Technologies collects a variety of data that you provide directly to us. The types of data we gather will depend upon the services you use, how you use them, and what you choose to provide. We process your details when necessary to provide you with the services that you have requested when accepting our Terms of Services or when we have the legitimate interest(security, testing, analytics, and so on) to do so please checkout our page.

Attack Protection Hotline

Get emergency help 24x7

Overlay Image

Are you under attack?

The Prophaze WAF can be deployed in any Public cloud such as AWS, GCP, Azure, Digital Ocean and on Private Cloud instance like Microk8s

Attack Protection Hotline

Get emergency help 24x7

Overlay Image