120 matches found
Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10690)
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such...
Moxa AWK-3121 Sensitive Cookie Without Httponly Flag (CVE-2018-10692)
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie Password508 does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. This plugin only works with Tenable.ot. Please visit...
Moxa AWK-3121 Improper Neutralization of Special Elements Used in a Command (CVE-2018-10697)
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST paramet...
Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10698)
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET...
Moxa AWK-3121 Improper Neutralization of Special Elements Used in a Command (CVE-2018-10702)
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter iwfilename is susceptible to...
Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10694)
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between t...
Moxa AWK-3121 Cross-Site Request Forgery (CVE-2018-10696)
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her...
Moxa AWK-3121 Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2018-10693)
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter srvName is...
The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in the execution of operations beyond the buffer boundaries in memory, allowing an intruder to execute arbitrary code.
The vulnerability of the microprogrammed wireless access device for Moxa AWK-3121 lies in the fact that the operation data is stored outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in the fact that the execution of certain operations goes beyond the buffer in memory. This allows a malicious user to execute arbitrary commands with root privileges.
The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in the fact that the operation data is stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges, using a speciall...
The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in insufficient validation of arguments passed in commands, allowing attackers to execute arbitrary commands with root privileges.
The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in insufficient verification of the arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges, using a specially crafted...
Moxa AWK-3121 Encryption Issues Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An encryption issue vulnerability exists in Moxa AWK-3121 version 1.14. The vulnerability stems from the network system or product not properly using the relevant cryptographic algorithms, resulting in content not...
Moxa AWK-3121 Access Control Error Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An access control error vulnerability exists in the Moxa AWK-3121 version 1.14. The vulnerability arises from a network system or product that does not properly restrict access to resources from unauthorized roles...
Moxa AWK-3121 Information Disclosure Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An information disclosure vulnerability exists in Moxa AWK-3121 version 1.14. An attacker can exploit this vulnerability by sniffing traffic to obtain sensitive information...
Moxa AWK-3121 Trust Management Issues Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A trust management issue vulnerability exists in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to attack the affected component with a default password or hard-coded passwords and hard-code...
Moxa AWK-3121 Command Injection Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A command injection vulnerability exists in the 'iwfilename' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to execute an illegal command...
Moxa AWK-3121 Command Injection Vulnerability (CNVD-2019-17004)
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A command injection vulnerability exists in the 'srvName' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to execute illegal commands...
Moxa AWK-3121 Buffer Overflow Vulnerability (CNVD-2019-17008)
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A buffer overflow vulnerability exists in the 'iwfilename' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to cause, for example, a buffer overflow or heap overflow...
Moxa AWK-3121 Buffer Overflow Vulnerability (CNVD-2019-17001)
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A buffer overflow vulnerability exists in the 'srvName' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to cause, for example, a buffer overflow or heap overflow...
Moxa AWK-3121 Buffer Overflow Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A buffer overflow vulnerability exists in the 'iwserverip' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to cause, for example, a buffer overflow or heap overflow...