3 matches found
CVE-2019-5140
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attack...
Moxa AWK-3131A Series Industrial AP/Bridge/Client Improper Neutralization of Special Elements Used in an OS Command (CVE-2019-5140)
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attack...
CVE-2019-5140
CVE-2019-5140 affects Moxa AWK-3131A firmware v1.13 (and prior per advisories). An OS command injection flaw in the iw_webs/diagnostic script handling allows a low-privilege authenticated user to inject commands via a crafted diagnostic script file name, leading to remote control of the device. T...