CVE-2019-5142

2020-02-2515:28:37

CWE-78

talos

www.cve.org

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

68.5%

JSON

An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability.

CNA Affected

[
  {
    "product": "Moxa",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client version 1.13"
      }
    ]
  }
]