Lucene search
+L

7 matches found

talos
talos
added 2020/02/24 12:0 a.m.58 views

Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability

Summary An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...

9.9CVSS9.1AI score0.02695EPSS
Exploits1
talos
talos
added 2020/02/24 12:0 a.m.51 views

Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability

Summary An exploitable use of hard-coded credentials vulnerability exists in multiple iw utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions Moxa...

7.1CVSS6.7AI score0.00337EPSS
Exploits1
talos
talos
added 2020/02/24 12:0 a.m.70 views

Moxa AWK-3131A iw_console Privilege Escalation Vulnerability

Summary An exploitable privilege escalation vulnerability exists in the iwconsole functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send...

9CVSS9AI score0.02479EPSS
Exploits4
prion
prion
added 2018/04/11 4:29 p.m.12 views

Command injection

An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 current. An attacker can inject commands via the username parameter of several...

10CVSS9.9AI score0.12169EPSS
Exploits1References1Affected Software1
talos
talos
added 2018/04/03 12:0 a.m.57 views

Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability

Summary An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 current. An attacker can inject commands via the username parameter of...

10CVSS10AI score0.12169EPSS
Exploits1
talos
talos
added 2017/04/10 12:0 a.m.43 views

Moxa AWK-3131A Web Application Nonce Reuse Vulnerability

Summary An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Teste...

8.1CVSS7.1AI score0.01353EPSS
Exploits2
talos
talos
added 2017/04/10 12:0 a.m.36 views

Moxa AWK-3131A Web Application asqc.asp Information Disclosure Vulnerability

Moxa AWK-3131A Web Application asqc.asp Information Disclosure Vulnerability Summary An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without...

5.3CVSS5AI score0.01301EPSS
Exploits2
Rows per page
Query Builder