CVE-2017-14459

Name of the Vulnerable Software and Affected Versions: Moxa AWK-3131A versions 1.4 through 1.7

Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This allows an attacker to inject commands via the username parameter of several services, including Telnet, SSH, and console login, resulting in remote, unauthenticated, root-level operating system command execution.

Recommendations: For versions 1.4 through 1.7, as a temporary workaround, consider restricting access to the Telnet, SSH, and console login functionality until a patch is available. Avoid using the username parameter in the affected services to minimize the risk of exploitation.