Lucene search
K

120 matches found

CNVD
CNVD
added 2019/06/10 12:0 a.m.4 views

Moxa AWK-3121 Buffer Overflow Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A buffer overflow vulnerability exists in the 'iwserverip' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to cause, for example, a buffer overflow or heap overflow...

8.8CVSS7.4AI score0.02582EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.2 views

Moxa AWK-3121 Parameter Injection Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A parameter injection vulnerability exists in the 'iwprivatePass' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to execute illegal commands...

8.8CVSS7.6AI score0.01938EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.3 views

Moxa AWK-3121 Information Disclosure Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An information disclosure vulnerability exists in the Moxa AWK-3121 version 1.14, which can be exploited by unauthorized attackers to obtain sensitive information about an affected component...

6.1CVSS6.2AI score0.01284EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.4 views

Moxa AWK-3121 Command Injection Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A command injection vulnerability exists in the 'iwfilename' parameter in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to execute an illegal command...

8.8CVSS7.9AI score0.05349EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/10 12:0 a.m.7 views

Moxa AWK-3121 Trust Management Issues Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A trust management issue vulnerability exists in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to attack the affected component with a default password or hard-coded passwords and hard-code...

10CVSS7AI score0.02317EPSS
Exploits1References1
OSV
OSV
added 2019/06/07 8:29 p.m.4 views

CVE-2018-10701

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iwfilename" is susceptible ...

8.8CVSS6.3AI score0.02604EPSS
Exploits1References3
OSV
OSV
added 2019/06/07 8:29 p.m.2 views

CVE-2018-10693

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is...

8.8CVSS6.3AI score0.02582EPSS
Exploits1References3
Prion
Prion
added 2019/06/07 8:29 p.m.15 views

Command injection

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iwfilename" is susceptible ...

6.8CVSS9.4AI score0.05349EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2019/06/07 8:29 p.m.19 views

Sql injection

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST paramet...

9.3CVSS9.3AI score0.03675EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2019/06/07 8:29 p.m.12 views

Default credentials

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET...

10CVSS9.6AI score0.02317EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/06/07 8:29 p.m.2 views

CVE-2018-10691

An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log the system log. However, the same functionality allows an attacker to download the file without any authentication or authorization...

7.5CVSS5.8AI score0.02411EPSS
Exploits1References3
OSV
OSV
added 2019/06/07 8:29 p.m.6 views

CVE-2018-10690

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such...

8.1CVSS5.8AI score
Exploits0References3
Prion
Prion
added 2019/06/07 8:29 p.m.19 views

Cross site scripting

An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily...

4.3CVSS6.6AI score0.01284EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2019/06/07 8:29 p.m.25 views

CVE-2018-10692

An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily...

6.1CVSS6.7AI score0.01284EPSS
Exploits1References3
NVD
NVD
added 2019/06/07 8:29 p.m.16 views

CVE-2018-10701

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iwfilename" is susceptible ...

8.8CVSS9.3AI score0.02604EPSS
Exploits1References3
OSV
OSV
added 2019/06/07 8:29 p.m.3 views

CVE-2018-10699

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device...

8.8CVSS6AI score0.01938EPSS
Exploits1References3
NVD
NVD
added 2019/06/07 8:29 p.m.24 views

CVE-2018-10702

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iwfilename" is susceptible ...

8.8CVSS9.2AI score0.05349EPSS
Exploits1References3
OSV
OSV
added 2019/06/07 8:29 p.m.2 views

CVE-2018-10694

An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between t...

8.1CVSS5.8AI score0.00811EPSS
Exploits1References3
NVD
NVD
added 2019/06/07 8:29 p.m.16 views

CVE-2018-10691

An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log the system log. However, the same functionality allows an attacker to download the file without any authentication or authorization...

7.5CVSS8.2AI score0.02411EPSS
Exploits1References3
OSV
OSV
added 2019/06/07 8:29 p.m.5 views

CVE-2018-10700

An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iwboarddeviceName" is susceptible to this...

6.1CVSS6AI score0.39287EPSS
Exploits1References3
Rows per page
Query Builder