Vulnerabilities > CVE-2019-5162 - Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

moxa

NVD

Published: 2020-02-25

Updated: 2022-06-13

Summary

An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Moxa Moxa AWK 3131A Firmware 1.13	1
Hardware	Moxa Moxa AWK 3131A -	1

Talos

id	TALOS-2019-0955
last seen	2020-03-09
published	2020-02-24
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0955
title	Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0955