CVEs-PoC/2018/CVE-2018-19659.md at dc3bd6cd71a486f862e7cf4da52fce4cfeb10e52

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 10:14:49 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.

POC

Reference

http://packetstormsecurity.com/files/150535/Moxa-NPort-W2x50A-2.1-OS-Command-Injection.html
http://seclists.org/fulldisclosure/2018/Nov/64

Github

No PoCs found on GitHub currently.

889 B Raw Blame History

CVE-2018-19659

Description

POC

Reference

Github

889 B

Raw Blame History