Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 5:58 p.m.14 views

CVE-2019-5141

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can...

8.8CVSS7.3AI score0.05136EPSS
Exploits1References1
OSV
OSV
added 2021/06/25 7:15 p.m.4 views

CVE-2021-33532

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iwwebs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the...

8.8CVSS7.3AI score0.0173EPSS
Exploits0References1
OSV
OSV
added 2021/06/25 7:15 p.m.3 views

CVE-2021-33533

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iwwebs functionality. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. ...

8.8CVSS7.3AI score0.0173EPSS
Exploits0References1
OSV
OSV
added 2021/06/25 7:15 p.m.2 views

CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

8.8CVSS5.8AI score0.01048EPSS
Exploits0References1
NVD
NVD
added 2021/06/25 7:15 p.m.12 views

CVE-2021-33532

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iwwebs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the...

9CVSS0.0173EPSS
Exploits0References1
CVE
CVE
added 2021/06/25 6:25 p.m.82 views

CVE-2021-33533

The CVE-2021-33533 entry affects Weidmueller Industrial WLAN devices. The vulnerability is an OS command injection in the iw_webs functionality: a crafted iw_serverip input is reflected in a subsequent iw_system call, allowing an authenticated, low-privilege user to execute commands and take remo...

9CVSS8.9AI score0.0173EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/25 6:25 p.m.18 views

CVE-2021-33533 WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iwwebs functionality. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. ...

8.8CVSS9.1AI score0.0173EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/03/12 12:0 a.m.5 views

The vulnerabilities of the iw_troubleshoot, iw_onekey, and iw_webs components of the wireless access point software for Moxa AWK-3131A industrial systems allow attackers to create their own diagnostic scenarios.

The vulnerability of the iwtroubleshoot, iwonekey, and iwwebs components of the wireless access point software for Moxa AWK-3131A industrial systems is related to the use of pre-installed registration data. Exploiting this vulnerability could allow attackers to create their own diagnostic scenari...

7.1CVSS6.7AI score0.00337EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2020/02/25 4:15 p.m.3 views

CVE-2019-5153

An exploitable remote code execution vulnerability exists in the iwwebs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send...

8.8CVSS6.4AI score0.04557EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/25 12:0 a.m.2 views

Moxa AWK-3131A iw_webs Function Operating System Command Injection Vulnerability

Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the iwwebs function in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from a network system or product not properly filtering special characters, commands,...

8.8CVSS7.9AI score0.05136EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/25 12:0 a.m.4 views

Moxa AWK-3131A iw_webs Function OS Command Injection Vulnerability (CNVD-2020-13477)

Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the iwwebs function in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from a network system or product not properly filtering specific elements of externall...

8.8CVSS7.8AI score0.02911EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/25 12:0 a.m.3 views

Moxa AWK-3131A Buffer Overflow Vulnerability

Moxa AWK-3131A is a wireless access device from Moxa. A buffer overflow vulnerability exists in the iwwebs configuration parsing function in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to execute code...

9.9CVSS7.6AI score0.04557EPSS
Exploits1References1
Talos
Talos
added 2020/02/24 12:0 a.m.55 views

Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability

Summary An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...

9.9CVSS9.1AI score0.02695EPSS
Exploits1
Talos
Talos
added 2020/02/24 12:0 a.m.50 views

Moxa AWK-3131A iw_webs DecryptScriptFile file name Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. A...

8.8CVSS1.2AI score0.02911EPSS
Exploits0
Rows per page
Query Builder