CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14459

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile11.83th
PublishedApr 11, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.

Affected Platforms (CPE)

πŸ’»
Moxa

Awk 3131a Firmware

= 1.4
πŸ’»
Moxa

Awk 3131a Firmware

= 1.5
πŸ’»
Moxa

Awk 3131a Firmware

= 1.6
πŸ’»
Moxa

Awk 3131a Firmware

= 1.7

References & Advisories

πŸ”— https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507
πŸ”— https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507

Related Vulnerabilities

CVE-2019-51389.9

An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware ...

CVE-2016-87179.8

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1...

CVE-2016-87219.1

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Ac...

CVE-2019-51368.8

An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1....