CVE-2017-14436
Description
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG2.ini" without a cookie header to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A null pointer dereference in Moxa EDR-810 V4.1 web server crashes on GET requests to specific .ini URIs without a cookie header.
Vulnerability
A null pointer dereference vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. When a GET request is sent to /MOXA_CFG2.ini (or /MOXA_LOG.ini, /MOXA_CFG.ini) without a cookie header, the server crashes due to a null pointer dereference in strcmp calls. The affected versions are Moxa EDR-810 V4.1 build 17030317 [1].
Exploitation
An attacker can trigger this denial of service by sending a crafted HTTP GET request to one of the vulnerable URIs without providing any cookie header. No authentication is required, and the attacker does not need any special network position beyond being able to reach the device [1].
Impact
The vulnerability causes the web server to crash, resulting in a denial of service. No information disclosure, file write, or remote code execution is achieved; the impact is solely availability (CIA: A/H) [1].
Mitigation
As of the publication date (2018-05-14), no fix or patch has been disclosed by Moxa. The device may be end-of-life; users should consider replacing it with a supported model. No workaround is available in the references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Talos/Moxa (v5). Range: Moxa EDR-810 V4.1 build 17030317
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing NULL-pointer check on the Cookie header value before passing it to strcmp causes a null pointer dereference."
Attack vector
An unauthenticated attacker sends a crafted HTTP GET request to the URI `/MOXA_CFG2.ini` without including a Cookie header [ref_id=1]. The web server processes the URI and attempts to compare the (missing) cookie value against the string `/MOXA_CFG2.ini` via `strcmp`. Because the cookie pointer is NULL, this dereference crashes the web server process, resulting in a denial of service [CWE-476]. The attack requires no authentication and can be launched over the network from any reachable host [ref_id=1].
Affected code
The vulnerability resides in the web server binary of Moxa EDR-810 firmware V4.1 build 17030317. The crash occurs when handling GET requests to `/MOXA_CFG2.ini`; the code at address `0x1B55C` loads a pointer from `[R11,#s1]` into R0 and passes it directly to `strcmp` without checking for NULL. If the HTTP request lacks a Cookie header, that pointer is NULL, causing a null pointer dereference [ref_id=1].
What the fix does
The advisory does not include a patch diff, but the vendor released new firmware on 2017-04-12 that resolves the issue [ref_id=1]. The fix would need to add a NULL-pointer check on the cookie header value before passing it to `strcmp`, so that a missing Cookie header does not cause a null pointer dereference. Without such a guard, any request to `/MOXA_CFG2.ini` (or the related URIs `/MOXA_CFG.ini` and `/MOXA_LOG.ini`) without a Cookie header will crash the web server [ref_id=1].
Preconditions
- auth: No authentication required
- network: Attacker must be able to send HTTP requests to the device over the network
- input: HTTP request must target /MOXA_CFG2.ini (or /MOXA_CFG.ini, /MOXA_LOG.ini) and omit the Cookie header
Reproduction
curl -v 192.168.127.254/MOXA_CFG2.ini
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474 (mitre, x_refsource_MISC)