CVE-2017-12124
Description
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An improper input validation vulnerability in Moxa EDR-810 web server allows remote attackers to cause a denial of service via a crafted HTTP URI.
Vulnerability
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference due to improper input validation. When the URI does not start with a forward slash, the web server crashes. This affects firmware version V4.1 build 17030317 [1].
Exploitation
An attacker can send a crafted HTTP URI lacking a leading slash to trigger the vulnerability. The proof-of-concept involves sending `GET A HTTP/1.1` to the server on port 80. No authentication is required, and the attack is network accessible [1].
Impact
Successful exploitation results in a null pointer dereference, causing the web server process to crash. This leads to a denial of service (DoS) condition, impacting availability only. The CVSSv3 score is 7.5 (High) with vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [1].
Mitigation
The vendor released patched firmware on 2018-04-12. Users should update to the latest firmware version to address the vulnerability. No workaround is available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Talos/Moxa v5 Range: Moxa EDR-810 V4.1 build 17030317
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input validation on the first character of the HTTP URI causes a null pointer dereference when the character is not a forward slash."
Attack vector
An attacker can send a crafted HTTP request where the URI does not begin with a '/' character, such as `GET A HTTP/1.1` [1]. The web server checks only the first byte of the URI; when it is not 0x2F, a null pointer dereference occurs, crashing the web server process [1]. The attack requires no authentication and can be sent over the network to port 80, making it remotely exploitable [1].
Affected code
The web server's URI parsing logic in the Moxa EDR-810 firmware (V4.1 build 17030317) checks only the first character of the URI for a forward slash (0x2F). If the first character is not 0x2F, the code path leads to a null pointer dereference that crashes the server [1]. The vulnerable assembly shows a load-byte comparison (`CMP R3, #0x2F`) followed by a conditional branch that skips the crash path only when the character matches [1].
What the fix does
The advisory does not include a patch diff, but the vendor released updated firmware on April 12, 2018 to address the issue [1]. The fix likely adds proper input validation to ensure the URI starts with a '/' before proceeding with further processing, preventing the null pointer dereference [1]. Without the patch source, the exact remediation cannot be confirmed from the available information.
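The validation described above, as an added example that is not Moxa's firmware code and not taken from the Talos advisory: a request-line handler in C that returns 400 for a request-target without a leading '/' instead of using a NULL result. The names `lookup_path` and `handle_request_line`, and the NULL-returning lookup itself, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical route lookup (not Moxa's code): returns NULL when the
   request-target does not begin with '/' (0x2F). */
static const char *lookup_path(const char *target) {
    return (target[0] == 0x2F) ? target + 1 : NULL;
}

/* Parse "METHOD SP target SP HTTP-version" and return an HTTP status.
   Malformed input gets 400; no pointer is used before it is checked. */
int handle_request_line(const char *line, char *path_out, size_t cap) {
    char buf[256];
    size_t n = strcspn(line, "\r\n");             /* strip line ending */
    if (n == 0 || n >= sizeof buf) return 400;    /* empty or oversized */
    memcpy(buf, line, n);
    buf[n] = '\0';

    char *sp1 = strchr(buf, ' ');
    if (sp1 == NULL || sp1 == buf) return 400;    /* no method */
    char *target = sp1 + 1;
    char *sp2 = strchr(target, ' ');
    if (sp2 == NULL || sp2 == target) return 400; /* no target or version */
    *sp2 = '\0';
    if (strncmp(sp2 + 1, "HTTP/1.", 7) != 0) return 400;

    const char *path = lookup_path(target);
    if (path == NULL) return 400;                 /* reject, do not dereference */
    if (strlen(path) >= cap) return 414;          /* URI too long for caller */
    strcpy(path_out, path);
    return 200;
}

int main(void) {
    /* Constructed request lines; the second is the form the advisory cites. */
    const char *samples[] = { "GET /index.html HTTP/1.1\r\n", "GET A HTTP/1.1\n" };
    char path[64];
    for (size_t i = 0; i < 2; i++)
        printf("%d\n", handle_request_line(samples[i], path, sizeof path));
    return 0;
}
```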
Preconditions
- config: The target device must be running Moxa EDR-810 V4.1 build 17030317
- network: The web server must be accessible on port 80/TCP
- auth: No authentication is required
- input: The attacker sends an HTTP request whose URI does not start with '/'
Reproduction
Send the following command to the target device on port 80: `echo 'GET A HTTP/1.1' | nc -nv 192.168.127.254 80` [1]. The web server will crash due to a null pointer dereference when processing the malformed URI [1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
[1] www.talosintelligence.com/vulnerability_reports/TALOS-2017-0476 (mitre, x_refsource_MISC)