Vulnerabilities > Moxa > AWK 3131A Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2019-5165 Improper Authentication vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-287
7.2
2020-02-25 CVE-2019-5162 Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa
8.8
2020-02-25 CVE-2019-5153 Out-of-bounds Write vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-787
8.8
2020-02-25 CVE-2019-5148 Integer Underflow (Wrap or Wraparound) vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13.
network
low complexity
moxa CWE-191
7.5
2020-02-25 CVE-2019-5143 Use of Externally-Controlled Format String vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-134
8.8
2020-02-25 CVE-2019-5142 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
7.2
2020-02-25 CVE-2019-5141 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
8.8
2020-02-25 CVE-2019-5140 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
8.8
2020-02-25 CVE-2019-5139 Use of Hard-coded Credentials vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13.
local
low complexity
moxa CWE-798
7.1
2020-02-25 CVE-2019-5137 Use of Hard-coded Credentials vulnerability in Moxa Awk-3131A Firmware 1.13
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-798
7.5