The vulnerability of the registration and accounting subsystem of the wireless access point for Moxa AWK-3131A industrial systems allows a intruder to execute arbitrary commands with root privileges.

The vulnerability of the registration and accounting subsystem of the wireless access point for Moxa AWK-3131A industrial systems exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious act...

CVE-2017-14459

An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 current. An attacker can inject commands via the username parameter of several...

Command injection

An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 current. An attacker can inject commands via the username parameter of several...

CVE-2017-14459

An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 current. An attacker can inject commands via the username parameter of several...

CVE-2017-14459

CVE-2017-14459 affects the Moxa AWK-3131A industrial Wi‑Fi AP/bridge/client. The vulnerability is an OS command injection via the username parameter in Telnet, SSH and the local console login, allowing remote, unauthenticated, root‑level command execution. Root cause is tied to BusyBox loginutils...

Moxa AWK-3131A 1.4 < 1.7 - Username OS Command Injection Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python2 import telnetlib import re import random import string Split string into chunks, of which each is /var/a' - 1 completed = temp = re.split'\n', script for content in temp: if lencontent != 0: for s in re.split' ',...

Moxa AWK-3131A Wireless Access Point Hardcoded Administrator Certificate Vulnerability

The Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa. A security vulnerability exists in the Moxa AWK-3131A Wireless Access Point using firmware version 1.1, which originates from the use of hard-coded credentials by a root account. An attacker could use the vulnerability to ta...

Vulnerability Spotlight: Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability

This vulnerability is discovered by Patrick DeSantis and Dave McDaniel of Cisco Talos Today, Talos is disclosing TALOS-2017-0507 CVE-2017-14459, a vulnerability that has been identified in Moxa AWK-3131A industrial wireless access point. The Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless...

Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability

Summary An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 current. An attacker can inject commands via the username parameter of...

CVE-2016-8717

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...

CVE-2016-8717

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...

CVE-2016-8717

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...

CVE-2016-8717

CVE-2016-8717 affects Moxa AWK-3131A Wireless Access Point with firmware 1.1. The device OS contains an undocumented privileged root account with hard-coded credentials, enabling full control of affected devices. Public TALOS and relevant advisories confirm an exploitable hard-coded credentials v...

PT-2018-3750 · Moxa · Wdr-3124A Series +5

Name of the Vulnerable Software and Affected Versions: Moxa AWK-3131A Wireless Access Point version 1.1 OnCell G3470A-LTE Series affected versions not specified WDR-3124A Series affected versions not specified TAP-323 Series affected versions not specified WAC-1001 Series affected versions not...

Moxa AWK-3131A Series Industrial IEEE Information Disclosure Vulnerability

Moxa AWK-3131A is a wireless access device from Moxa. An information disclosure vulnerability exists in the Web Application feature of the Moxa AWK-3131A using firmware version 1.1. A remote attacker can exploit this vulnerability by retrieving a URL to obtain sensitive information...

Circle with Disney Startup WiFi Channel Parsing Command Injection Vulnerability

Summary An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability...

Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability(CVE-2016-8718)

Summary An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an...

Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability(CVE-2016-8716)

Summary An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of...

Moxa AWK-3131A Web Application onekey Information Disclosure Vulnerability(CVE-2016-0241)

Summary An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Tested Versions Moxa...

Moxa AWK-3131A HTTP GET Denial of Service Vulnerability(CVE-2016-8723)

Summary An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of...