what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Josh Hardin

Moxa TN-5900 Post Authentication Command Injection

Posted Jan 31, 2022

Authored by Matthew Bergin, Josh Hardin | Site korelogic.com

Moxa TN-5900 versions 3.1 and below suffer from an issue where a user who has authenticated to the management web application is able to leverage a command injection vulnerability in the p12 processing code of the certificate management function web_CERMGMTUpload.

tags | exploit, web

advisories | CVE-2021-46560

SHA-256 | 35bd8ec3c5b38937aa9d5775e8ed2feaacd3dfed7c92d6ae96cb03bf16903bcb

Download | Favorite | View

Moxa TN-5900 Firmware Upgrade Checksum Validation

Posted Jan 31, 2022

Authored by Matthew Bergin, Josh Hardin | Site korelogic.com

Moxa TN-5900 versions 3.1.0 and below use an insecure method to validate firmware updates. A malicious user with access to the management interface can upload arbitrary code in a crafted

tags | exploit, arbitrary

advisories | CVE-2021-46559

SHA-256 | 2ac55dc0e94a52eae63ae9272eda3788cbe1002c37fa22d4db10498c8ab74404

Download | Favorite | View