Vulnerabilities > CVE-2019-5136 - Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
moxa
critical

Summary

An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
OS
Moxa
1
Hardware
Moxa
1

Saint

descriptionMoxa AWK-3131A iw_console privilege escalation vulnerability
titlemoxa_iw_console_privilege_escalation
typeremote

Talos

idTALOS-2019-0925
last seen2020-02-27
published2020-02-24
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0925
titleMoxa AWK-3131A iw_console Privilege Escalation Vulnerability