PT-2020-1757 · Moxa · Moxa Awk-3131A

Published: 2020-02-25 · Updated: 2022-06-13 · CVE-2019-5162

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3131A firmware version 1.13

Description: An exploitable improper access control issue exists in the iw webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low-privilege user to trigger this issue.

Recommendations: For Moxa AWK-3131A firmware version 1.13, consider disabling the iw webs account settings functionality until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of remote shell access. Avoid using specially crafted user name entries in the account settings to prevent overwriting existing user account passwords.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2020-00997
CVE-2019-5162

Affected Products

Moxa Awk-3131A