Lucene search
K

120 matches found

Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.14 views

Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10690)

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such...

8.1CVSS7.8AI score0.01468EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.10 views

Moxa AWK-3121 Sensitive Cookie Without Httponly Flag (CVE-2018-10692)

An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie Password508 does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. This plugin only works with Tenable.ot. Please visit...

6.1CVSS6.7AI score0.01284EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.10 views

Moxa AWK-3121 Improper Neutralization of Special Elements Used in a Command (CVE-2018-10697)

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST paramet...

9.3CVSS8.2AI score0.03675EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.35 views

Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10698)

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET...

10CVSS8.3AI score0.02317EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.12 views

Moxa AWK-3121 Improper Neutralization of Special Elements Used in a Command (CVE-2018-10702)

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter iwfilename is susceptible to...

8.8CVSS8.3AI score0.05349EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.12 views

Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10694)

An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between t...

8.1CVSS7.8AI score0.00811EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.10 views

Moxa AWK-3121 Cross-Site Request Forgery (CVE-2018-10696)

An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her...

8.8CVSS8AI score0.01103EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.15 views

Moxa AWK-3121 Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2018-10693)

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter srvName is...

8.8CVSS8.7AI score0.02582EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2020/03/26 12:0 a.m.5 views

The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in the execution of operations beyond the buffer boundaries in memory, allowing an intruder to execute arbitrary code.

The vulnerability of the microprogrammed wireless access device for Moxa AWK-3121 lies in the fact that the operation data is stored outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.3CVSS8.3AI score0.02604EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.6 views

The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in the fact that the execution of certain operations goes beyond the buffer in memory. This allows a malicious user to execute arbitrary commands with root privileges.

The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in the fact that the operation data is stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges, using a speciall...

10CVSS8.2AI score0.02582EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.4 views

The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in insufficient validation of arguments passed in commands, allowing attackers to execute arbitrary commands with root privileges.

The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in insufficient verification of the arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges, using a specially crafted...

10CVSS8AI score0.05349EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2019/06/12 12:0 a.m.2 views

Moxa AWK-3121 Encryption Issues Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An encryption issue vulnerability exists in Moxa AWK-3121 version 1.14. The vulnerability stems from the network system or product not properly using the relevant cryptographic algorithms, resulting in content not...

8.1CVSS6.9AI score0.00811EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/12 12:0 a.m.2 views

Moxa AWK-3121 Access Control Error Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An access control error vulnerability exists in the Moxa AWK-3121 version 1.14. The vulnerability arises from a network system or product that does not properly restrict access to resources from unauthorized roles...

7.5CVSS7AI score0.02411EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/12 12:0 a.m.3 views

Moxa AWK-3121 Information Disclosure Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An information disclosure vulnerability exists in Moxa AWK-3121 version 1.14. An attacker can exploit this vulnerability by sniffing traffic to obtain sensitive information...

8.1CVSS6.2AI score0.01468EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.7 views

Moxa AWK-3121 Trust Management Issues Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A trust management issue vulnerability exists in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to attack the affected component with a default password or hard-coded passwords and hard-code...

10CVSS7AI score0.02317EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.6 views

Moxa AWK-3121 Command Injection Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A command injection vulnerability exists in the 'iwfilename' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to execute an illegal command...

8.8CVSS7.9AI score0.05349EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.4 views

Moxa AWK-3121 Command Injection Vulnerability (CNVD-2019-17004)

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A command injection vulnerability exists in the 'srvName' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to execute illegal commands...

9.3CVSS7.9AI score0.03675EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.4 views

Moxa AWK-3121 Buffer Overflow Vulnerability (CNVD-2019-17008)

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A buffer overflow vulnerability exists in the 'iwfilename' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to cause, for example, a buffer overflow or heap overflow...

8.8CVSS7.4AI score0.02604EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.2 views

Moxa AWK-3121 Buffer Overflow Vulnerability (CNVD-2019-17001)

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A buffer overflow vulnerability exists in the 'srvName' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to cause, for example, a buffer overflow or heap overflow...

8.8CVSS7.4AI score0.02582EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.6 views

Moxa AWK-3121 Buffer Overflow Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A buffer overflow vulnerability exists in the 'iwserverip' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to cause, for example, a buffer overflow or heap overflow...

8.8CVSS7.4AI score0.02582EPSS
Exploits1References1
Rows per page
Query Builder