Buffer overflow
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST...
CVE-2018-10702
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible ...
CVE-2018-10695
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST...
CVE-2018-10703
The CVE-2018-10703 entry affects Moxa AWK-3121 devices (version 1.14). The vulnerability is a buffer overflow in the iw_serverip POST parameter used by the device’s script-runner/troubleshooting functionality, which an attacker can exploit by sending a crafted packet containing 480 characters to ...
CVE-2018-10703
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible ...
CVE-2018-10702
CVE-2018-10702 affects Moxa AWK-3121 (version 1.14) and involves a command-injection vulnerability in the device’s script-running functionality. The POST parameter "iw_filename" can be abused to inject shell commands, enabling an attacker to execute commands on the device via this feature. Public...
CVE-2018-10702
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible ...
CVE-2018-10701
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible ...
CVE-2018-10701
The CVE-2018-10701 issue affects Moxa AWK-3121 (version 1.14). The POST parameter iw_filename is vulnerable to a buffer overflow when a 162-character string is crafted, which can allow an attacker to execute commands on the device. Public documents consistently describe this as a memory-buffer–re...
CVE-2018-10700
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this...
CVE-2018-10700
CVE-2018-10700 affects Moxa AWK-3121 (version 1.19). The vulnerability arises in the web interface via the POST parameter iw_board_deviceName, allowing an attacker to inject a payload and execute cross-site scripting (XSS). The issue is tied to an input handling flaw in the device name change fun...
CVE-2018-10699
CVE-2018-10699 affects Moxa AWK-3121, version 1.14. The vulnerability stems from the certfile upload functionality; the POST parameter iw_privatePass is susceptible to command injection. An attacker crafting input with shell metacharacters could execute arbitrary commands on the device, potential...
CVE-2018-10699
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device...
CVE-2018-10698
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET...
CVE-2018-10698
CVE-2018-10698 affects Moxa AWK-3121 v1.14. The device enables an unencrypted TELNET service by default, allowing an attacker with MITM access to sniff traffic and connect to the TELNET daemon using default credentials if unchanged. The issue is documented with a high-severity CVSS score (3.1: 9....
CVE-2018-10697
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST paramet...
CVE-2018-10697
The CVE-2018-10697 entry affects Moxa AWK-3121 (firmware 1.14). The vulnerability is a command injection in the POST parameter srvName exposed via the device’s ping functionality, allowing an attacker to craft input with shell metacharacters and execute commands on the device. Reported as impacti...
CVE-2018-10696
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her...
CVE-2018-10696
The CVE-2018-10696 entry applies to Moxa AWK-3121 devices (firmware 1.14). The issue is a Cross‑Site Request Forgery (CSRF) vulnerability in the device’s web interface, which can allow an attacker to trick an administrator into performing actions via the affected URI forms (e.g., forms/iw_webSetP...
CVE-2018-10695
CVE-2018-10695 affects Moxa AWK-3121 devices (version 1.14). The vulnerability arises from a buffer overflow in the device’s alert functionality used to email administrators about network changes; crafting a packet containing a 678-character string can lead to arbitrary command execution on the d...