CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-14459

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile11.83th
Published2018年4月11日
Last Modified2024年11月21日

Vulnerability Description

An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.

Affected Platforms (CPE)

💻
Moxa

Awk 3131a Firmware

= 1.4
💻
Moxa

Awk 3131a Firmware

= 1.5
💻
Moxa

Awk 3131a Firmware

= 1.6
💻
Moxa

Awk 3131a Firmware

= 1.7

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507

相關漏洞威脅

CVE-2019-51389.9

An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware ...

CVE-2016-87179.8

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1...

CVE-2016-87219.1

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Ac...

CVE-2019-51368.8

An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1....