9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.5%
An exploitable OS Command Injection vulnerability exists in the web application ‘ping’ functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.
Moxa AWK-3131A WAP Version 1.1 Build 15122211
<http://www.moxa.com/product/AWK-3131_Series.htm>
9.1 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
The ping feature of the Moxa AWK-3131A WAP web application is vulnerable to OS command injection. No obfuscation or encoding is needed - it appears there is no filtering of user input. Entering an OS command that is preceded with a ; results in the command being executed by the OS with root permissions.
An authenticated user may obtain a remote shell with root privilages by entering the following in the ping input box:
; /bin/busybox telnetd -l/bin/sh -p9999
then telnet to port 9999. The attacker will be connected to a /bin/sh shell as the root user, without needing to enter any credentials.
Exploitation of the vulnerable parameter requires authentication to the web application. However, commands are executed by the operating system as the root user, negating any user-level privilege enforcement by the web application.
2016-11-14 - Vendor Disclosure 2017-04-18 - Public Release
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
52.5%