PT-2020-1756 · Moxa · Moxa Awk-3131A

Jared Rittle

·

Published

2020-02-25

·

Updated

2022-06-13

·

CVE-2019-5153

CVSS v3.1

9.9

Critical

Vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Moxa AWK-3131A firmware version 1.13
Description A stack-based buffer overflow exists in the iw_webs configuration parsing functionality of Moxa AWK-3131A firmware version 1.13. When the parser builds an error message, a specially crafted user name entry overflows the fixed-size error-message buffer, and the resulting memory corruption can be turned into remote code execution on the device. The vulnerable code path is reachable by sending commands while authenticated to the web interface as a low-privilege user, so any valid account, not only an administrator, is sufficient to trigger it.
Recommendations Update the AWK-3131A to firmware in which Moxa has addressed this issue. Until that is done, expose the iw_webs web management interface only to a trusted management network (firewall or VLAN restrictions), or disable it if web management is not needed. Because a low-privilege login is enough to reach the vulnerable parsing code, treat every web-interface account as effectively administrative: remove unused accounts, replace default or shared credentials, and keep the set of users with any access to the device to a minimum. Review device logs and configuration changes for unusually long or malformed user name values, which are the trigger for this overflow.
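As an added illustration of the bug class described above (this is not code from the AWK-3131A firmware or from Moxa; the buffer sizes, function names and message format are assumptions), the following C program shows the unbounded error-message formatting pattern beside a hardened version that bounds the user-name field before it reaches the formatter:

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Sizes are assumptions for this illustration, not values from the firmware. */
#define ERRMSG_SIZE   64   /* fixed-size error-message buffer on the stack   */
#define MAX_USERNAME  32   /* longest user name the parser should accept     */

/* Vulnerable pattern: the user name taken from the configuration entry is
 * pasted into a fixed-size error-message buffer with an unbounded sprintf.
 * A name longer than the remaining space overwrites whatever follows the
 * buffer on the stack (saved registers, return address). Shown for the bug
 * class only; never call it with untrusted input. */
static void format_login_error_vulnerable(char out[ERRMSG_SIZE], const char *username) {
    sprintf(out, "login failed for user '%s'", username);
}

/* Computes, without performing the write, whether the vulnerable formatter
 * would overrun ERRMSG_SIZE for this user name (the attacker's precondition). */
static bool vulnerable_would_overflow(const char *username) {
    int needed = snprintf(NULL, 0, "login failed for user '%s'", username);
    return needed < 0 || (size_t)needed + 1 > ERRMSG_SIZE;
}

/* Hardened form: validate the length of the attacker-controlled field before
 * it reaches any formatter, then use a bounded snprintf so that even an
 * unexpected input cannot write past the buffer. Returns true if the full
 * message fit; MAX_USERNAME is chosen so that the normal message always fits. */
static bool format_login_error_safe(char *out, size_t outsz, const char *username) {
    if (strlen(username) > MAX_USERNAME) {
        snprintf(out, outsz, "login failed: user name exceeds %d bytes", MAX_USERNAME);
        return false;
    }
    int n = snprintf(out, outsz, "login failed for user '%s'", username);
    return n >= 0 && (size_t)n < outsz;
}

/* Scenario helpers so the behaviour can be checked without undefined behaviour. */
static bool demo_short_name(void) {
    char buf[ERRMSG_SIZE];
    bool ok = format_login_error_safe(buf, sizeof buf, "operator");
    return ok && strcmp(buf, "login failed for user 'operator'") == 0;
}

static bool demo_long_name(void) {
    /* Constructed input: 200 'A's, the kind of over-long field a crafted
     * configuration entry would carry. */
    char name[201];
    memset(name, 'A', 200);
    name[200] = '\0';
    char buf[ERRMSG_SIZE];
    bool fits = format_login_error_safe(buf, sizeof buf, name);
    return !fits && vulnerable_would_overflow(name) && strstr(buf, "exceeds") != NULL;
}

int main(void) {
    char buf[ERRMSG_SIZE];
    /* A short, well-formed name is harmless even through the vulnerable path. */
    format_login_error_vulnerable(buf, "operator");
    printf("vulnerable path, short name: %s\n", buf);
    printf("short name handled safely: %s\n", demo_short_name() ? "yes" : "no");
    printf("long name rejected:        %s\n", demo_long_name() ? "yes" : "no");
    return 0;
}
```

The point of the hardened version is that the length check happens on the untrusted field itself, before it is combined with any fixed text, and that the formatter is still bounded as a second line of defence; relying on the formatter alone would silently truncate rather than reject, which hides the anomalous input from operators.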

Exploit

Fix

Buffer Overflow

Memory Corruption

Stack Overflow


Weakness Enumeration

Related Identifiers

BDU:2020-00996
CVE-2019-5153

Affected Products

Moxa Awk-3131A