PT-2020-1750 · Moxa · Moxa Awk-3131A

Carl Hurd +2 · Published 2020-02-25 · Updated 2022-06-13 · CVE-2019-5139

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Moxa AWK-3131A firmware version 1.13

Description

An issue exists in the Moxa AWK-3131A firmware due to the use of hard-coded credentials in multiple iw_* utilities. The device operating system contains an undocumented encryption password, which allows for the creation of custom diagnostic scripts.

Recommendations

For Moxa AWK-3131A firmware version 1.13, consider disabling the use of hard-coded credentials in the iw_* utilities as a temporary workaround until a patch is available. Restrict access to the undocumented encryption password to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

BDU:2020-00990
CVE-2019-5139

Affected Products

Moxa Awk-3131A