PT-2020-1754 · Moxa · Moxa Awk-3131A

Published: 2020-02-25 · Updated: 2022-06-13 · CVE-2019-5143

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moxa AWK-3131A firmware version 1.13

Description

A format string vulnerability exists in the iw console conio writestr functionality, allowing for an overflow of the time server buffer when a specially crafted time server entry is used. This can result in remote code execution. An attacker, authenticated as a low-privilege user, can send commands to trigger this issue.

Recommendations

For Moxa AWK-3131A firmware version 1.13, consider disabling the conio writestr function in iw console as a temporary workaround until a patch is available. Restrict access to the time server configuration to minimize the risk of exploitation. Avoid using specially crafted time server entries in the affected firmware version until the issue is resolved.

Weakness Enumeration

Use of Externally-Controlled Format String

Buffer Overflow

Related Identifiers

BDU:2020-00994
CVE-2019-5143

Affected Products

Moxa Awk-3131A