Buffer Overflow Vulnerability in Moxa AWK-3121 Devices
CVE-2018-10695

8.8 HIGH

Key Information:

Vendor: Moxa
CVE Published: 7 June 2019

Summary

A buffer overflow in the email alert functionality of Moxa AWK-3121 version 1.14 allows command execution. An attacker can exploit it by sending a specially crafted packet containing a string of 678 characters in the vulnerable POST parameters 'to1', 'to2', 'to3' and 'to4'. This may enable unauthorized command execution on the device, posing significant risks to network integrity and device security.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved