CVE-2017-12123
Description
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Moxa EDR-810 V4.1 transmits admin password in clear text over HTTP and telnet, allowing network attackers to capture credentials.
Vulnerability
Moxa EDR-810 V4.1 build 17030317 transmits the administrative password in clear text over HTTP and telnet. By default, the device uses HTTP instead of HTTPS, and passwords are sent unencrypted in POST requests to /init.asp. This affects the web server and telnet functionality.
Exploitation
An attacker with network access to the device can monitor traffic and capture the admin password. The password is sent as plain text in the Password parameter of the login POST request, as demonstrated in the proof-of-concept provided by Talos [1].
Impact
Successful exploitation allows the attacker to obtain the admin password and gain full administrative access to the device, leading to compromise of the device's configuration and network traffic.
Mitigation
Moxa released a firmware update on April 12, 2018, which addresses this vulnerability. Users should update to the latest firmware version. No other workarounds are mentioned in the available reference [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Talos/Moxa, v5, Range: Moxa EDR-810 V4.1 build 17030317
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The device transmits the admin password in cleartext over HTTP instead of using HTTPS or encryption."
Attack vector
An attacker on the same network segment can passively monitor network traffic to capture the admin password. The device uses HTTP by default rather than HTTPS, so login credentials are transmitted in cleartext in POST requests to `/init.asp` [1]. No authentication is required to observe the traffic; the attacker simply needs network access to the device's traffic flow. Once the password is obtained, the attacker can use those credentials to log in as admin [1].
Affected code
The web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317 transmit passwords in cleartext. The device uses HTTP instead of HTTPS by default, and the login POST request to `/init.asp` sends the password as a plaintext form parameter (e.g., `Password=moxa`) [1].
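A detection-side illustration of the request described above, added here and not taken from the Talos advisory or from Moxa: it flags a plaintext login POST to `/init.asp` in a reassembled TCP payload and reports it without recording the password. The sample payloads, the `Username` field name and the 192.0.2.10 address are constructed assumptions.

```python
from urllib.parse import parse_qs

# Constructed samples, not captured from a real device. The "Username" field
# name and the 192.0.2.10 address are assumptions; /init.asp and the
# Password parameter come from the advisory text above.
SAMPLE_LOGIN = (
    b"POST /init.asp HTTP/1.1\r\n"
    b"Host: 192.0.2.10\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 28\r\n\r\n"
    b"Username=admin&Password=moxa"
)
SAMPLE_TLS = b"\x16\x03\x03\x00\x2f" + bytes(47)  # start of a TLS record


def find_cleartext_login(payload: bytes):
    """Return a redacted finding if payload is a plaintext HTTP login POST
    to /init.asp carrying a Password form field, otherwise None."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None  # no HTTP header terminator: encrypted or not HTTP
    lines = head.decode("latin-1").split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/"):
        return None
    method, target, _version = request_line
    path = target.split("?", 1)[0]
    if method != "POST" or path.lower() != "/init.asp":
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    secret = next((v[0] for k, v in fields.items() if k.lower() == "password"), None)
    if secret is None:
        return None
    # Report that a credential crossed the wire, never the credential itself.
    return {
        "host": headers.get("host", "unknown"),
        "path": path,
        "field": "Password",
        "password_length": len(secret),
    }


if __name__ == "__main__":
    for name, sample in (("login", SAMPLE_LOGIN), ("tls", SAMPLE_TLS)):
        print(name, find_cleartext_login(sample))
```

A hit from this check on a management VLAN means the device is still serving its login over HTTP and the admin password should be treated as exposed.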
What the fix does
The vendor patched the vulnerability and published new firmware on April 12, 2018 [1]. The advisory does not include a patch diff, but the remediation involves ensuring that passwords are not transmitted in cleartext, likely by enforcing HTTPS or encrypting the credential payload. Users should upgrade to the patched firmware version to prevent passive credential interception [1].
Preconditions
- network: Attacker must be on the same network segment as the target device to observe HTTP traffic
- config: Device must be using its default HTTP configuration (no HTTPS enforced)
Reproduction
1. Place a network sniffer (e.g., tcpdump or Wireshark) on the same LAN segment as the Moxa EDR-810.
2. Wait for an administrator to log into the web interface, or trigger a login by sending a POST to `http://
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
[1] www.talosintelligence.com/vulnerability_reports/TALOS-2017-0475 (mitre, x_refsource_MISC)