CVE-2019-5162 - Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13

CVSS 9.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

Vulnerable Configurations

Part        Description    Count
OS          Moxa           1
Hardware    Moxa           1

Talos

id: TALOS-2019-0955
last seen: 2020-03-09
published: 2020-02-24
reporter: Talos Intelligence
source: http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0955
title: Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability