Moxa AWK-3131A Series Industrial AP/Bridge/Client Vulnerabilities
Multiple product vulnerabilities were identified in Moxa’s AWK-3131A industrial AP/Bridge/Client Series. In response, Moxa has issued patches to address these vulnerabilities.
Please contact Moxa Technical Support to get the security patch.
Improper Access Control (CWE-284) CVE-2019-5136 / TALOS-2019-0925
Improper system access as a higher privilege user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Use of Hard-coded Cryptographic Key (CWE-321) CVE-2019-5137 / TALOS-2019-0926
An exploitable hard-coded cryptographic key allows for the decryption of captured traffic.
Improper Neutralization of Special Elements used in an OS Command (CWE-78) CVE-2019-5138 / TALOS-2019-0927
Remote Command Injection to gain control over a device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Use of Hard-coded Credentials (CWE-798) CVE-2019-5139 / TALOS-2019-0928
Exploitable hard-coded credentials.
Improper Neutralization of Special Elements used in an OS Command (CWE-78) CVE-2019-5140 / TALOS-2019-0929
Remote Command Injection to gain control over a device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Improper Neutralization of Special Elements used in an OS Command (CWE-78) CVE-2019-5141 / TALOS-2019-0930
Remote Command Injection to gain control over a device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Improper Neutralization of Special Elements used in an OS Command (CWE-78) CVE-2019-5142 / TALOS-2019-0931
Remote Command Injection to gain control over a device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Buffer Copy without Checking Size of Input (CWE-120) CVE-2019-5143 / TALOS-2019-0932
This vulnerability may cause remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Out-of-bounds Read (CWE-125) CVE-2019-5148 / TALOS-2019-0938
An attacker can send a crafted packet and cause denial-of-service of the device.
Stack-based Buffer Overflow (CWE-121) CVE-2019-5153 / TALOS-2019-0944
This vulnerability may cause remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Improper Access Control (CWE-284) CVE-2019-5162 / TALOS-2019-0955
Improper remote shell access to the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Authentication Bypass Using an Alternate Path or Channel (CWE-288) CVE-2019-5165 / TALOS-2019-0960
An exploitable authentication bypass vulnerability. An attacker can trigger the authentication bypass on a specially configured device.

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.