CVE-2019-5141

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can...

CVE-2021-33532

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iwwebs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the...

CVE-2021-33533

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iwwebs functionality. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. ...

CVE-2021-33532

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iwwebs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the...

CVE-2021-33538

In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iwwebs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access ...

CVE-2021-33533 WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability

In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iwwebs functionality. A specially crafted iwserverip parameter can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. ...

CVE-2021-33533

The CVE-2021-33533 entry affects Weidmueller Industrial WLAN devices. The vulnerability is an OS command injection in the iw_webs functionality: a crafted iw_serverip input is reflected in a subsequent iw_system call, allowing an authenticated, low-privilege user to execute commands and take remo...

CVE-2019-5153

An exploitable remote code execution vulnerability exists in the iwwebs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send...

Moxa AWK-3131A iw_webs Function OS Command Injection Vulnerability (CNVD-2020-13477)

Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the iwwebs function in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from a network system or product not properly filtering specific elements of externall...

Moxa AWK-3131A iw_webs Function Operating System Command Injection Vulnerability

Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the iwwebs function in the Moxa AWK-3131A using firmware version 1.13. The vulnerability stems from a network system or product not properly filtering special characters, commands,...

Moxa AWK-3131A Buffer Overflow Vulnerability

Moxa AWK-3131A is a wireless access device from Moxa. A buffer overflow vulnerability exists in the iwwebs configuration parsing function in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to execute code...

Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability

Summary An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...

Moxa AWK-3131A iw_webs DecryptScriptFile file name Command Injection Vulnerability

Summary An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. A...