Multiple OS Command Injection in Moxa NPort W2x50A products

Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS Command Injection vulnerabilities (incl. PoC)

Maxim Khazov via Fulldisclosure:

Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS
Command Injection vulnerabilities:

#1 Authenticated OS Command Injection in web server ping functionality

Reserverd CVE ID: CVE-2018-19659

A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root
user. Exploitation required authentication. This is similar to CVE-2017-12120.
......

Link to the complete advisory