Filtered by vendor Moxa
Filtered by product Awk-3131a
Total: 28 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-5141 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 8.8 High |
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | ||||
CVE-2019-5140 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 8.8 High |
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | ||||
CVE-2019-5139 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 7.1 High |
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. | ||||
CVE-2019-5138 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 9.9 Critical |
An exploitable command injection vulnerability exists in the encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send a diagnostic script while authenticated as a low privilege user to trigger this vulnerability. | ||||
CVE-2019-5137 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 7.5 High |
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | ||||
CVE-2019-5136 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 8.8 High |
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | ||||
CVE-2017-14459 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | N/A |
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. | ||||
CVE-2016-8717 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 9.8 Critical |
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. |