PT-2020-1753 · Moxa · Moxa Awk-3131A

Alexander Perez Palma +1 · Published 2020-02-25 · Updated 2022-06-13 · CVE-2019-5142

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moxa AWK-3131A firmware version 1.13

Description

An exploitable command injection issue exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this issue.

Recommendations

For Moxa AWK-3131A firmware version 1.13, consider disabling the hostname functionality until a patch is available to prevent exploitation. Restrict access to network configuration information to minimize the risk of exploitation. Avoid using the Device Name field in the network configuration until the issue is resolved.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2020-00993
CVE-2019-5142

Affected Products

Moxa Awk-3131A