CVE-2019-5165

Name of the Vulnerable Software and Affected Versions Moxa AWK-3131A firmware version 1.13

Description An authentication bypass issue exists due to errors in hostname processing. This can be exploited by a remote attacker who sends specially crafted SNMP requests, potentially leading to a bypass of web authentication and privilege escalation. The vulnerability can be triggered by configuring a device hostname in a specific way, causing the device to misinterpret remote traffic as local traffic.

Recommendations For Moxa AWK-3131A firmware version 1.13, consider disabling SNMP requests or restricting access to the device until a patch is available. As a temporary workaround, avoid using specially configured device hostnames that could trigger this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.