Описание
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
8.8 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Уязвимость компонента iwwebs микропрограммного обеспечения беспроводной точки доступа для промышленных систем Moxa AWK-3131A, позволяющая нарушителю получить полный контроль над устройством
EPSS
8.8 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2