CVE-2018-11427
https://notcve.org/view.php?id=CVE-2018-11427
CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. • https://github.com/klsecservices/Advisories/blob/master/KL-MOXA-2018-106.md • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-10703
https://notcve.org/view.php?id=CVE-2018-10703
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack. • http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-10702
https://notcve.org/view.php?id=CVE-2018-10702
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters. • http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-10701
https://notcve.org/view.php?id=CVE-2018-10701
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack. • http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-10700
https://notcve.org/view.php?id=CVE-2018-10700
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection. • http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')