Vulnerabilities > CVE-2019-5148 - Integer Underflow (Wrap or Wraparound) vulnerability in Moxa Awk-3131A Firmware 1.13

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

moxa

CWE-191

NVD

Published: 2020-02-25

Updated: 2022-06-13

Summary

An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Moxa Moxa AWK 3131A Firmware 1.13	1
Hardware	Moxa Moxa AWK 3131A -	1

Common Weakness Enumeration (CWE)

CWE-191 - Integer Underflow (Wrap or Wraparound)

Talos

id	TALOS-2019-0938
last seen	2020-02-28
published	2020-02-24
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0938
title	Moxa AWK-3131A ServiceAgent denial-of-service vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0938