PT-2019-8764 · Moxa · Moxa AWK-3121

Samuel Huntley · Published 2019-06-07 · Updated 2023-02-28 · CVE-2018-10697

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moxa AWK-3121 version 1.14

Description

An issue was discovered in the Moxa AWK-3121 device: the ping functionality, intended for administrators to check network connectivity via ICMP calls, can be exploited by an attacker to execute commands on the device. The srvName parameter in a POST request is susceptible to injection. An attacker carries out the attack by crafting a packet whose srvName value contains shell metacharacters.

Recommendations

For Moxa AWK-3121 version 1.14, consider disabling the ping functionality or restricting access to the srvName parameter in the POST request to minimize the risk of exploitation. Avoid using the srvName parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related identifiers

CVE-2018-10697

Affected products

Moxa AWK-3121