CVE-2019-5162
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
SSVC
- Decision: -
Timeline
- 2019-01-04 CVE Reserved
- 2020-02-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
References (1)
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0955 | 2024-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Moxa | Awk-3131a Firmware | 1.13 | - | Affected | in | Moxa | Awk-3131a | - | - | Safe |