PT-2020-1747 · Moxa · Moxa Awk-3131A

Carl Hurd +1 · Published 2020-02-25 · Updated 2022-06-13 · CVE-2019-5136

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moxa AWK-3131A firmware version 1.13

Description

A privilege escalation issue exists in the iw console functionality, allowing an attacker to escape the restricted console and gain system access as the root user. This can be triggered by sending specially crafted commands while authenticated as a low-privilege user. The vulnerability is related to inadequate access control in the iw console component.

Recommendations

For Moxa AWK-3131A firmware version 1.13, consider restricting access to the iw console functionality until a patch is available. As a temporary workaround, limit the use of the console to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2020-00987
CVE-2019-5136

Affected Products

Moxa Awk-3131A