CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5138

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile32.59th
PublishedFeb 25, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.

Affected Platforms (CPE)

💻
Moxa

Awk 3131a Firmware

= 1.13

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0927
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0927

Related Vulnerabilities

CVE-2017-1445910.0

An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Ind...

CVE-2016-87179.8

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1...

CVE-2016-87219.1

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Ac...

CVE-2019-51368.8

An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1....