Lucene search

[email protected]CVE-2021-39279

HistorySep 07, 2021 - 6:15 a.m.

CVE-2021-39279

2021-09-0706:15:00

CWE-78

[email protected]

web.nvd.nist.gov

moxa devices

authenticated command injection

web_importtftp

cve-2021-39279

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.0%

JSON

Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.

CPENameOperatorVersion
moxa:wac-2004_firmwaremoxa wac-2004 firmwareeq1.7
moxa:wac-1001_firmwaremoxa wac-1001 firmwareeq2.1
moxa:wac-1001-t_firmwaremoxa wac-1001-t firmwareeq2.1
moxa:oncell_g3470a-lte-eu_firmwaremoxa oncell g3470a-lte-eu firmwareeq1.7
moxa:oncell_g3470a-lte-eu-t_firmwaremoxa oncell g3470a-lte-eu-t firmwareeq1.7
moxa:tap-323-eu-ct-t_firmwaremoxa tap-323-eu-ct-t firmwareeq1.3
moxa:tap-323-us-ct-t_firmwaremoxa tap-323-us-ct-t firmwareeq1.3
moxa:tap-323-jp-ct-t_firmwaremoxa tap-323-jp-ct-t firmwareeq1.3
moxa:wdr-3124a-eu_firmwaremoxa wdr-3124a-eu firmwareeq2.3
moxa:wdr-3124a-eu-t_firmwaremoxa wdr-3124a-eu-t firmwareeq2.3

CPE	Name	Operator	Version
moxa:wac-2004_firmware	moxa wac-2004 firmware	eq	1.7
moxa:wac-1001_firmware	moxa wac-1001 firmware	eq	2.1
moxa:wac-1001-t_firmware	moxa wac-1001-t firmware	eq	2.1
moxa:oncell_g3470a-lte-eu_firmware	moxa oncell g3470a-lte-eu firmware	eq	1.7
moxa:oncell_g3470a-lte-eu-t_firmware	moxa oncell g3470a-lte-eu-t firmware	eq	1.7
moxa:tap-323-eu-ct-t_firmware	moxa tap-323-eu-ct-t firmware	eq	1.3
moxa:tap-323-us-ct-t_firmware	moxa tap-323-us-ct-t firmware	eq	1.3
moxa:tap-323-jp-ct-t_firmware	moxa tap-323-jp-ct-t firmware	eq	1.3
moxa:wdr-3124a-eu_firmware	moxa wdr-3124a-eu firmware	eq	2.3
moxa:wdr-3124a-eu-t_firmware	moxa wdr-3124a-eu-t firmware	eq	2.3

Rows per page:

1-10 of 121

References

packetstormsecurity.com/files/164014

www.moxa.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for CVE-2021-39279

checkpoint_advisories1 prion1 zdt1 packetstorm1