Buffer Overflow Vulnerability in Moxa AWK-3121 Devices
CVE-2018-10693

8.8HIGH

Key Information:

Vendor
Moxa
Status
Awk-3121 Firmware
Vendor
CVE Published:
7 June 2019

Summary

A buffer overflow vulnerability exists in Moxa AWK-3121 devices running version 1.14. This issue allows an attacker to exploit the ping functionality, intended for administrators to perform ICMP checks, thus gaining the ability to execute arbitrary commands on the device. Specifically, the POST parameter 'srvName' can be manipulated with an oversized input of 516 characters, leading to potential unauthorized access and control over the device's operations.

References

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/maste...
x_refsource_MISC
https://seclists.org/bugtraq/2019/Jun/8
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.