28 matches found
CVE-2020-17891
TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code...
EUVD-2019-14745
Malware in sbrugna...
CVE-2025-34029
An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell...
VulnCheck KEV: CVE-2025-34024
An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell...
Moxa AWK-3131A Trust Management Issues Vulnerability
Moxa AWK-3131A is a wireless switch from Moxa. A trust management issue vulnerability exists in multiple iw utilities in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from the lack of an effective trust management mechanism in a networked system or product. An attacker c...
CVE-2019-5139
An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts...
CVE-2019-5138
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...
CVE-2019-5141
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can...
CVE-2019-5153
An exploitable remote code execution vulnerability exists in the iwwebs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send...
CVE-2019-5136
An exploitable privilege escalation vulnerability exists in the iwconsole functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send command...
CVE-2019-5140
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attack...
CVE-2019-5142
An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker ca...
Hardcoded credentials
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13...
Moxa AWK-3131A iw_webs Function OS Command Injection Vulnerability (CNVD-2020-13477)
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the iwwebs function in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from a network system or product not properly filtering specific elements of externall...
Moxa AWK-3131A Operating System Command Injection Vulnerability (CNVD-2020-13481)
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the 'Device Name' in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to execute arbitrary system commands to take control of the device...
Moxa AWK-3131A iw_webs Account Settings Function Access Control Error Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. An access control error vulnerability exists in the iwwebs account settings feature in the Moxa AWK-3131A using firmware version 1.13. The vulnerability arises from the network system or product not properly restricting access to resources fro...
Moxa AWK-3131A iw_webs Function Operating System Command Injection Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the iwwebs function in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from a network system or product not properly filtering special characters, commands,...
Moxa AWK-3131A ServiceAgent Trust Management Issue Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. A trust management issue vulnerability exists in the ServiceAgent binary in the Moxa AWK-3131A using firmware version 1.13. An attacker could exploit this vulnerability to decrypt captured traffic...
Moxa AWK-3131A Buffer Overflow Vulnerability
Moxa AWK-3131A is a wireless access device from Moxa. A buffer overflow vulnerability exists in the iwwebs configuration parsing function in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to execute code...
Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability
Summary An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions Moxa...