Lucene search
CVE-2017-14459
OS Command Injection in Moxa AWK-3131A firmware 1.4-1.
Show more
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | Vulnerability Spotlight: Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability | 3 Apr 201806:21 | – | talosblog |
 | CVE-2017-14459 | 11 Apr 201816:00 | – | cvelist |
 | Moxa AWK-3131A 1.4 < 1.7 - Username OS Command Injection Exploit | 4 Apr 201800:00 | – | zdt |
 | Moxa AWK OS Command Injection (CVE-2017-14459) | 2 Aug 202300:00 | – | nessus |
 | Command injection | 11 Apr 201816:29 | – | prion |
 | CVE-2017-14459 | 11 Apr 201816:29 | – | nvd |
 | Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability | 3 Apr 201800:00 | – | talos |
Node
OROROR
[
{
"product": "Moxa",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client versions 1.4 - 1.9. In addition, versions prior to 1.4 appear similarly vulnerable to injection, but not as easily exploitable (described below). Other models in the AWK product line may likewise be vulnerable but have not been tested."
}
]
}
]| Source | Link |
|---|---|
| talosintelligence | www.talosintelligence.com/vulnerability_reports/TALOS-2017-0507 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| username | query param | /login | OS Command Injection vulnerability allows command execution via username parameter during Telnet, SSH, and console login. | CWE-78 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo11 Apr 2018 16:29Current
9.9High risk
Vulners AI Score9.9
CVSS210
CVSS39.8 - 10
EPSS0.20599