CVE-2019-5141
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can...
CVE-2019-5141
CVE-2019-5141 affects Moxa AWK-3131A, firmware 1.13. An exploitable OS command injection in the iw_webs function via the iw_serverip parameter allows an authenticated, low-privilege user to trigger remote control over the device. The root cause involves user input being reflected in a subsequent ...
CVE-2019-5140
CVE-2019-5140 affects Moxa AWK-3131A firmware v1.13 (and prior per advisories). An OS command injection flaw in the iw_webs/diagnostic script handling allows a low-privilege authenticated user to inject commands via a crafted diagnostic script file name, leading to remote control of the device. T...
CVE-2019-5140
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attack...
Moxa AWK-3131A iw_webs Function OS Command Injection Vulnerability (CNVD-2020-13477)
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the iw_webs function in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from a network system or product not properly filtering specific elements of externall...
Moxa AWK-3131A Access Control Error Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. An access control error vulnerability exists in the 'iw_console' function in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to gain access to the system as root with the help of a menu selection strin...
Moxa AWK-3131A Operating System Command Injection Vulnerability (CNVD-2020-13481)
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the 'Device Name' in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to execute arbitrary system commands to take control of the device...
Moxa AWK-3131A iw_webs Account Settings Function Access Control Error Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. An access control error vulnerability exists in the iw_webs account settings feature in the Moxa AWK-3131A using firmware version 1.13. The vulnerability arises from the network system or product not properly restricting access to resources fro...
Moxa AWK-3131A iw_webs Function Operating System Command Injection Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the iw_webs function in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from a network system or product not properly filtering special characters, commands,...
Moxa AWK-3131A Operating System Command Injection Vulnerability (CNVD-2020-13473)
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the Moxa AWK-3131A using firmware version 1.13. The vulnerability can be exploited to execute arbitrary busybox commands and take control of the device with the help of specially...
Moxa AWK-3131A ServiceAgent Trust Management Issue Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. A trust management issue vulnerability exists in the ServiceAgent binary in the Moxa AWK-3131A using firmware version 1.13. An attacker could exploit this vulnerability to decrypt captured traffic...
Moxa AWK-3131A Authentication Bypass Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. A security vulnerability exists in the handling of host names in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to bypass authentication by sending an authenticated SNMP request...
Moxa AWK-3131A Buffer Overflow Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. A buffer overflow vulnerability exists in the iw_webs configuration parsing function in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to execute code...
Vulnerability Spotlight: Multiple vulnerabilities in Moxa AWK-3131A
Jared Rittle and Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Moxa AWK-3131A networking device contains several different vulnerabilities that an attacker could exploit to carry out malicious activities in an industrial environment. The AWK-3131A is a wirele...
Moxa AWK-3131A iw_console Privilege Escalation Vulnerability
Summary: An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send...
Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability
Summary: An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...
Moxa AWK-3131A iw_console conio_writestr Remote Code Execution Vulnerability
Summary: An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send...
Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability
Summary: An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions: Moxa...
Moxa AWK-3131A ServiceAgent Use of Hard-coded Cryptographic Key
Summary: The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Tested Versions: Moxa AWK-3131A Firmware version 1.13. Product URLs...
Moxa AWK-3131A iw_webs User Configuration Remote Code Execution Vulnerability
Summary: An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker ca...