CSRF Vulnerability in Moxa AWK-3121 by Moxa
CVE-2018-10696

8.8HIGH

Key Information:

Vendor

Moxa
Status
Awk-3121 Firmware
Vendor
CVE Published:
7 June 2019

What is CVE-2018-10696?

The Moxa AWK-3121 device, running version 1.14, suffers from a Cross-Site Request Forgery (CSRF) vulnerability. This weakness allows attackers to exploit the unsecured web interface meant for device management, potentially tricking an administrator into unknowingly performing actions on the device. Attack vectors are identifiable through specific URIs, such as forms/iw_webSetParameters and forms/webSetMainRestart, which enable unauthorized command execution without proper user authentication.

References

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/maste...
x_refsource_MISC
https://seclists.org/bugtraq/2019/Jun/8
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-10696 : CSRF Vulnerability in Moxa AWK-3121 by Moxa