CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2018-10697
https://notcve.org/view.php?id=CVE-2018-10697
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack. • http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-10696
https://notcve.org/view.php?id=CVE-2018-10696
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs. Se encontró un problema en los dispositivos Moxa AWK-3121 versión 1.14. El dispositivo proporciona una interfaz web para permitir que un administrador controle el dispositivo. • http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-10695
https://notcve.org/view.php?id=CVE-2018-10695
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters "to1,to2,to3,to4" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack. • http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10694
https://notcve.org/view.php?id=CVE-2018-10694
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well. • http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10693
https://notcve.org/view.php?id=CVE-2018-10693
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack. • http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •