Moxa

Awk-3131a Firmware

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2019-5165

Exploit
  • EPSS 0.15%
  • Veröffentlicht 25.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:28

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulti...

9

CVE-2019-5162

Exploit
  • EPSS 0.52%
  • Veröffentlicht 25.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:28

An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, r...

8.8

CVE-2019-5153

Exploit
  • EPSS 2.27%
  • Veröffentlicht 25.02.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:27

An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting ...

7.5

CVE-2019-5148

Exploit
  • EPSS 0.71%
  • Veröffentlicht 25.02.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:26

An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of...

8.8

CVE-2019-5143

Exploit
  • EPSS 3.06%
  • Veröffentlicht 25.02.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:25

An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote c...

9

CVE-2019-5142

Exploit
  • EPSS 2.21%
  • Veröffentlicht 25.02.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:25

An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resultin...

8.8

CVE-2019-5141

Exploit
  • EPSS 5.75%
  • Veröffentlicht 25.02.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:25

An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting i...

8.8

CVE-2019-5140

  • EPSS 1.98%
  • Veröffentlicht 25.02.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:25

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulti...

7.1

CVE-2019-5139

Exploit
  • EPSS 0.13%
  • Veröffentlicht 25.02.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:25

An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom di...

9.9

CVE-2019-5138

Exploit
  • EPSS 3.71%
  • Veröffentlicht 25.02.2020 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:44:25

An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting ...