The vulnerabilities of the iw_troubleshoot, iw_onekey, and iw_webs components of the wireless access point software for Moxa AWK-3131A industrial systems allow attackers to create their own diagnostic scenarios.

The vulnerability of the iwtroubleshoot, iwonekey, and iwwebs components of the wireless access point software for Moxa AWK-3131A industrial systems is related to the use of pre-installed registration data. Exploiting this vulnerability could allow attackers to create their own diagnostic scenari...

The vulnerability of the iw_webs component in the wireless access point software for Moxa AWK-3131A industrial systems allows a hacker to execute arbitrary code.

The vulnerability of the iwwebs component in the wireless access point software for Moxa AWK-3131A industrial systems is related to buffer overflow attacks. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...

The vulnerability of the iw_webs component in the wireless access point software for Moxa AWK-3131A industrial systems allows a hacker to gain full control over the device.

The vulnerability of the iwwebs component in the wireless access point software for Moxa AWK-3131A industrial systems exists due to the lack of measures taken to neutralize the special elements used in the operating system. Exploiting this vulnerability can allow a malicious actor to gain full...

The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3131A industrial systems arises from errors in updating the “Device Name” (the hostname). This allows a hacker to gain full control over the device.

The wireless access point software for Moxa AWK-3131A industrial systems is vulnerable to errors when modifying the “Device Name” host name. Exploiting this vulnerability can allow a malicious actor to gain full control over the device remotely...

The vulnerability of the diagnostic script of the microprogramming software for wireless access points in industrial systems, Moxa AWK-3131A, allows a intruder to execute arbitrary commands.

The vulnerability of the diagnostic script of the microprogramming software for wireless access points in Moxa AWK-3131A systems exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious acto...

Moxa AWK-3131A Series Industrial AP/Bridge/Client

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level is needed to exploit/public exploits are available Vendor: Moxa Equipment: Moxa AWK-3131A Vulnerabilities: Improper Access Control, Use of Hard-coded Cryptographic Key, OS Command Injection, Use of Hard-coded...

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

Moxa AWK-3131A Trust Management Issues Vulnerability

Moxa AWK-3131A is a wireless switch from Moxa. A trust management issue vulnerability exists in multiple iw utilities in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from the lack of an effective trust management mechanism in a networked system or product. An attacker c...

CVE-2019-5165

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attack...

CVE-2019-5162

An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...

CVE-2019-5162

An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...

CVE-2019-5139

An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...

CVE-2019-5153

An exploitable remote code execution vulnerability exists in the iwwebs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send...

CVE-2019-5141

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can...

CVE-2019-5138

An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...

CVE-2019-5148

An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packe...

CVE-2019-5140

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attack...

CVE-2019-5143

An exploitable format string vulnerability exists in the iwconsole coniowritestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands whil...