CVE-2018-10696

Опубликовано: 07 июн. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.

Ссылки

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
Exploit
Third Party Advisory
https://seclists.org/bugtraq/2019/Jun/8
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
Exploit
Third Party Advisory
https://seclists.org/bugtraq/2019/Jun/8
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:moxa:awk-3121_firmware:1.14:*:*:*:*:*:*:*

cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00254

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-353w-gjcf-9cx8