Vulnerabilities > CVE-2019-5153 - Out-of-bounds Write vulnerability in Moxa Awk-3131A Firmware 1.13

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

moxa

CWE-787

NVD

Published: 2020-02-25

Updated: 2022-06-13

Summary

An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Moxa Moxa AWK 3131A Firmware 1.13	1
Hardware	Moxa Moxa AWK 3131A -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Talos

id	TALOS-2019-0944
last seen	2020-02-28
published	2020-02-24
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0944
title	Moxa AWK-3131A iw_webs User Configuration Remote Code Execution Vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0944