Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-10700 (GCVE-0-2018-10700)
Vulnerability from cvelistv5 – Published: 2019-06-07 19:51 – Updated: 2024-08-05 07:46
VLAI?
EPSS
Summary
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121"
},
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \"iw_board_deviceName\" is susceptible to this injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T22:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121"
},
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \"iw_board_deviceName\" is susceptible to this injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121",
"refsource": "MISC",
"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121"
},
{
"name": "20190609 Newly releases IoT security issues",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"name": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10700",
"datePublished": "2019-06-07T19:51:53",
"dateReserved": "2018-05-03T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:awk-3121_firmware:1.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F210EF5D-9A27-4709-A5C2-878D60E61D81\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB3CD92C-362A-4A96-A09E-F04476A9D854\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \\\"iw_board_deviceName\\\" is susceptible to this injection.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un problema en los dispositivos Moxa AWK-3121 versi\\u00f3n 1.19. Proporciona funcionalidad para que un administrador pueda cambiar el nombre del dispositivo. Sin embargo, la misma funcionalidad permite que un atacante ejecute XSS inyectando una carga XSS. El par\\u00e1metro POST \\\"iw_board_deviceName\\\" es susceptible a esta inyecci\\u00f3n.\"}]",
"id": "CVE-2018-10700",
"lastModified": "2024-11-21T03:41:52.933",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-06-07T20:29:00.670",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Jun/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10700\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-07T20:29:00.670\",\"lastModified\":\"2024-11-21T03:41:52.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \\\"iw_board_deviceName\\\" is susceptible to this injection.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un problema en los dispositivos Moxa AWK-3121 versi\u00f3n 1.19. Proporciona funcionalidad para que un administrador pueda cambiar el nombre del dispositivo. Sin embargo, la misma funcionalidad permite que un atacante ejecute XSS inyectando una carga XSS. El par\u00e1metro POST \\\"iw_board_deviceName\\\" es susceptible a esta inyecci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:awk-3121_firmware:1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F210EF5D-9A27-4709-A5C2-878D60E61D81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB3CD92C-362A-4A96-A09E-F04476A9D854\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
VAR-201906-0790
Vulnerability from variot - Updated: 2023-12-18 12:00An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection. Moxa AWK-3121 The device contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Moxa AWK-3121 is an industrial-grade wireless access point produced by Moxa Corporation of Taiwan, China. The 'iw_board_deviceName' parameter in Moxa AWK-3121 version 1.19 has a cross-site scripting vulnerability. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.
[VulnerabilityType Other] HTTP traffic by default
[Vendor of Product] Moxa
[Affected Product Code Base] AWK-3121 - 1.14
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Information Disclosure] true
[Attack Vectors] An attacker can sniff the HTTP traffic passing between the user and the device by using a MITM attack such as ARP poisoning.
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- It is intended that an administrator can download /systemlog.log (the system log).
[Additional Information] POC http://192.168.127.253//systemlog.log
[Vulnerability Type] Incorrect Access Control
[Vendor of Product] Moxa
[Affected Product Code Base] AWK-3121 - 1.14
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Information Disclosure] true
[Attack Vectors] An attacker can navigate to URL and download the systemlog file without any authentication or authorization
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- The session cookie "Password508" does not have an HttpOnly flag.
[VulnerabilityType Other] Missing HttpOnly flag on session cookie
[Vendor of Product] Moxa
[Affected Product Code Base] AWK-3121 - 1.14
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Information Disclosure] true
[Attack Vectors] An attacker can use cross-site scripting attack to access the session cookie "Password508" which can allow an attacker to login into the device.
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack.
[Additional Information] POC
POST /forms/webSetPingTrace HTTP/1.1 Cookie: Password508=6d86219d9cca208c1085cce81fdd31f0
srvName=AAAAAA (etc.) EEEEEE&option=0&bkpath=%2Fping_trace.asp
[Vulnerability Type] Buffer Overflow
[Vendor of Product] Moxa
[Affected Product Code Base] AWK-3121 - 1.14
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Code execution] true
[Attack Vectors] Use XSRF form to trick an admin into submitting the request and execute a buffer overflow on the device
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.
[VulnerabilityType Other] Open WiFi Connection
[Vendor of Product] Moxa
[Affected Product Code Base] AWK 3121 - 1.14
[Affected Component] Device
[Attack Type] Remote
[Impact Information Disclosure] true
[Attack Vectors] An attacker can monitor the Wifi channels using Kismet or some other opensource software and an wireless card in monitor mode and sniff all the traffic including HTTP traffic as well as SSH and Telnet traffic.
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack.
[Additional Information] POC POST /forms/web_SendTestEmail HTTP/1.1 Cookie: Password508=fab7f1d1efa604721aa70cf5a1ad163f
server=server.mail.com&username=test&password=test&from=test@mail.com&to1=AAAAAAAAAA (etc.)
[Vulnerability Type] Buffer Overflow
[Vendor of Product] Moxa
[Affected Product Code Base] AWK 3121 - 1.14
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Code execution] true
[Attack Vectors] Use XSRF form to trick an admin into submitting the request and execute the buffer overflow
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.
[Additional Information] POC to change name of the device
<html <body <form id="f" action="http://192.168.127.253/forms/iw_webSetParameters" method="POST" enctype="application/x-www-form-urlencoded" <input type="hidden" name="iw_board_deviceName" value="AWK-ROMEO" / <input type="hidden" name="iw_board_deviceLocation" value="" / <input type="hidden" name="iw_board_deviceDescription" value="" / <input type="hidden" name="iw_board_deviceContactInfo" value="" / <input type="hidden" name="Submit" value="Submit" / <input type="hidden" name="bkpath" value="/sysinfo.asp " / </form <script setTimeout("document.forms['f'].submit();",1); </script </body </html
<html <body <form id="f" action="http://192.168.127.253/forms/webSetMainRestart" method="GET" enctype="application/x-www-form-urlencoded" <input type="hidden" name="SaveValue" value="1" / </form <script setTimeout("document.forms['f'].submit();",1); </script </body </html
[Vulnerability Type] Cross Site Request Forgery (CSRF)
[Vendor of Product] Moxa
[Affected Product Code Base] AWK-3121 - 1.14
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Code execution] true
[Impact Escalation of Privileges] true
[Impact Information Disclosure] true
[Attack Vectors] An attacker can trick an administrator of the device to visit an attacker controlled page while connected to the network and thus trick to change the password or any other setting
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
[Additional Information] POC
POST /forms/webSetPingTrace HTTP/1.1 Cookie: Password508=e07f98b965bcc5abfe11c9c763b2d333
srvName=192.168.127.102;ping -c 8 192.168.127.101;##&option=0&bkpath=%2Fping_trace.asp
[VulnerabilityType Other] Command injection in Ping functionality
[Vendor of Product] Moxa
[Affected Product Code Base] AWK 3121 - 1.14
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Code execution] true
[Attack Vectors] Use XSRF form to trick an admin into submitting the request
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
[VulnerabilityType Other] Insecure service Telnet enabled by default
[Vendor of Product] Moxa
[Affected Product Code Base] AWK-3121 - 1.14
[Affected Component] Telnet daemon
[Attack Type] Remote
[Impact Code execution] true
[Impact Information Disclosure] true
[Attack Vectors] An attacker can sniff the traffic passing between the device and user by using a MITM attack such as ARP poisoning
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
[Additional Information] POC POST /forms/web_certUpload HTTP/1.1 Cookie: Password508=68abf30ef8176a4248320929e04df562
... 114782935826962 Content-Disposition: form-data; name="iw_privatePass"
;ping -c 9 192.168.127.103 ##
... 114782935826962
Content-Disposition: form-data; name="bkpath"
/wireless_cert.asp?index=1 ... 114782935826962 Content-Disposition: form-data; name="certSection"
certWlan ... 114782935826962 Content-Disposition: form-data; name="rfindex"
0 ... 114782935826962 Content-Disposition: form-data; name="Submit"
Submit ... 114782935826962 Content-Disposition: form-data; name="certFile1"
test.txt ... 114782935826962 Content-Disposition: form-data; name="certFile"; filename="blob" Content-Type: text/xml
<a id="a"<b id="b"hey!</b</a ... 114782935826962--
[VulnerabilityType Other] Command injection in file upload
[Vendor of Product] Moxa
[Affected Product Code Base] AWK-3121 - 1.14
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Code execution] true
[Attack Vectors] Use XSRF form to trick an admin into submitting the request
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
[Additional Information] POC <html <body <form id="f" action="http://192.168.127.253/forms/iw_webSetParameters" method="POST" enctype="application/x-www-form-urlencoded" <input type="hidden" name="iw_board_deviceName" value="AWK<\/td');alert(1);//" / <input type="hidden" name="iw_board_deviceLocation" value="" / <input type="hidden" name="iw_board_deviceDescription" value="" / <input type="hidden" name="iw_board_deviceContactInfo" value="" / <input type="hidden" name="Submit" value="Submit" / <input type="hidden" name="bkpath" value="/sysinfo.asp " / </form <script setTimeout("document.forms['f'].submit();",1); </script </body </html
[Vulnerability Type] Cross Site Scripting (XSS)
[Vendor of Product] Moxa
[Affected Product Code Base] AWK-3121 - 1.9
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Code execution] true
[Impact Escalation of Privileges] true
[Impact Information Disclosure] true
[Attack Vectors] Use XSRF form to trick an admin into submitting the request and execute a stored XSS on the device.
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
- By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack.
[Additional Information] POC POST /forms/web_runScript HTTP/1.1 Cookie: Password508=071b1093656adca3510d5e32f69737ec
... 7e21a62f2905ca Content-Disposition: form-data; name="iw_filename"; filename="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBCCCC" Content-Type: application/octet-stream
ls -ltr ... 7e21a62f2905ca Content-Disposition: form-data; name="iw_storage"
tftp ... 7e21a62f2905ca Content-Disposition: form-data; name="iw_serverip"
ping -c 3 192.168.127.101
... 7e21a62f2905ca
Content-Disposition: form-data; name="bkpath"
/Troubleshooting.asp ... 7e21a62f2905ca--
[Vulnerability Type] Buffer Overflow
[Vendor of Product] Moxa
[Affected Product Code Base] AWK-3121 - 1.14
[Affected Component] Web Server -- iw_webs (Goahead)
[Attack Type] Remote
[Impact Code execution] true
[Attack Vectors] Use XSRF form to trick an admin into submitting the request and execute buffer overflow
[Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm
[Discoverer] Samuel Huntley
[Additional Information] POC
<html <body <script function submitRequest() { var formData = new FormData();
formData.append("iw_filename", ";ping -c 9 192.168.127.103 ##");
formData.append("iw_storage", "tftp");
formData.append("iw_serverip", "192.168.1.101");
formData.append("bkpath", "/wireless_cert.asp?index=1");
// HTML file input, chosen by user formData.append("certFile1", "test.txt");
// JavaScript file-like object var content = '<a id="a"<b id="b"hey!
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0790",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3121",
"scope": "eq",
"trust": 1.8,
"vendor": "moxa",
"version": "1.19"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015599"
},
{
"db": "NVD",
"id": "CVE-2018-10700"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3121_firmware:1.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10700"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samuel Huntley",
"sources": [
{
"db": "PACKETSTORM",
"id": "153223"
}
],
"trust": 0.1
},
"cve": "CVE-2018-10700",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10700",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-120486",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-10700",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10700",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-328",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-120486",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-10700",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120486"
},
{
"db": "VULMON",
"id": "CVE-2018-10700"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015599"
},
{
"db": "NVD",
"id": "CVE-2018-10700"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-328"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \"iw_board_deviceName\" is susceptible to this injection. Moxa AWK-3121 The device contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Moxa AWK-3121 is an industrial-grade wireless access point produced by Moxa Corporation of Taiwan, China. The \u0027iw_board_deviceName\u0027 parameter in Moxa AWK-3121 version 1.19 has a cross-site scripting vulnerability. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. \n The device by default allows HTTP traffic thus\n providing an insecure communication mechanism for a user connecting to\n the web server. This allows an attacker to sniff the traffic easily and\n allows an attacker to compromise sensitive data such as credentials. \n \n ------------------------------------------\n \n [VulnerabilityType Other]\n HTTP traffic by default\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Information Disclosure]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n An attacker can sniff the HTTP traffic passing between the user and the device by using a MITM attack such as ARP poisoning. \n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n \n2. \n It is intended that an administrator can download /systemlog.log (the system\n log). \n \n ------------------------------------------\n \n [Additional Information]\n POC \n http://192.168.127.253//systemlog.log\n \n ------------------------------------------\n \n [Vulnerability Type]\n Incorrect Access Control\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Information Disclosure]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n An attacker can navigate to URL and download the systemlog file without any authentication or authorization\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n3. \n The session cookie \"Password508\" does not have an HttpOnly flag. \n \n ------------------------------------------\n \n [VulnerabilityType Other]\n Missing HttpOnly flag on session cookie\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Information Disclosure]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n An attacker can use cross-site scripting attack to access the session cookie \"Password508\" which can allow an attacker to login into the device. \n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n4. \n It provides ping functionality so that an administrator\n can execute ICMP calls to check if the network is working correctly. By crafting a packet that contains a string of\n 516 characters, it is possible for an attacker to execute the attack. \n \n ------------------------------------------\n \n [Additional Information]\n POC \n \n POST /forms/webSetPingTrace HTTP/1.1\n Cookie: Password508=6d86219d9cca208c1085cce81fdd31f0\n \n srvName=AAAAAA (etc.) EEEEEE\u0026option=0\u0026bkpath=%2Fping_trace.asp\n \n ------------------------------------------\n \n [Vulnerability Type]\n Buffer Overflow\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n Use XSRF form to trick an admin into submitting the request and execute a buffer overflow on the device\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n5. \n The device provides a Wi-Fi connection that is open and does not use\n any encryption mechanism by default. An administrator who uses the\n open wireless connection to set up the device can allow an\n attacker to sniff the traffic passing between the user\u0027s computer and the\n device. This can allow an attacker to steal the credentials passing\n over the HTTP connection as well as TELNET traffic. Also an attacker\n can MITM the response and infect a user\u0027s computer very easily as\n well. \n \n ------------------------------------------\n \n [VulnerabilityType Other]\n Open WiFi Connection\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK 3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Device\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Information Disclosure]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n An attacker can monitor the Wifi channels using Kismet or some other\n opensource software and an wireless card in monitor mode and sniff all\n the traffic including HTTP traffic as well as SSH and Telnet traffic. \n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n6. By crafting\n a packet that contains a string of 678 characters, it is\n possible for an attacker to execute the attack. \n \n ------------------------------------------\n \n [Additional Information]\n POC\n POST /forms/web_SendTestEmail HTTP/1.1\n Cookie: Password508=fab7f1d1efa604721aa70cf5a1ad163f\n \n server=server.mail.com\u0026username=test\u0026password=test\u0026from=test@mail.com\u0026to1=AAAAAAAAAA (etc.)\n \n ------------------------------------------\n \n [Vulnerability Type]\n Buffer Overflow\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK 3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n Use XSRF form to trick an admin into submitting the request and execute the buffer overflow\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n7. However, this interface is not protected against\n CSRF attacks, which allows an attacker to trick an administrator into\n executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and\n forms/webSetMainRestart URIs. \n \n ------------------------------------------\n \n [Additional Information]\n POC to change name of the device \n \n \u003chtml\n \u003cbody\n \u003cform id=\"f\" action=\"http://192.168.127.253/forms/iw_webSetParameters\" method=\"POST\" enctype=\"application/x-www-form-urlencoded\"\n \u003cinput type=\"hidden\" name=\"iw_board_deviceName\" value=\"AWK-ROMEO\" /\n \u003cinput type=\"hidden\" name=\"iw_board_deviceLocation\" value=\"\" /\n \u003cinput type=\"hidden\" name=\"iw_board_deviceDescription\" value=\"\" /\n \u003cinput type=\"hidden\" name=\"iw_board_deviceContactInfo\" value=\"\" /\n \u003cinput type=\"hidden\" name=\"Submit\" value=\"Submit\" /\n \u003cinput type=\"hidden\" name=\"bkpath\" value=\"/sysinfo.asp \" /\n \u003c/form\n \u003cscript\n setTimeout(\"document.forms[\u0027f\u0027].submit();\",1);\n \u003c/script\n \u003c/body\n \u003c/html\n \n \u003chtml\n \u003cbody\n \u003cform id=\"f\" action=\"http://192.168.127.253/forms/webSetMainRestart\" method=\"GET\" enctype=\"application/x-www-form-urlencoded\"\n \u003cinput type=\"hidden\" name=\"SaveValue\" value=\"1\" /\n \u003c/form\n \u003cscript\n setTimeout(\"document.forms[\u0027f\u0027].submit();\",1);\n \u003c/script\n \u003c/body\n \u003c/html\n \n ------------------------------------------\n \n [Vulnerability Type]\n Cross Site Request Forgery (CSRF)\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Impact Escalation of Privileges]\n true\n \n ------------------------------------------\n \n [Impact Information Disclosure]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n An attacker can trick an administrator of the device to visit an\n attacker controlled page while connected to the network and thus trick\n to change the password or any other setting\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n8. \n The Moxa AWK 3121 provides ping functionality so that an administrator\n can execute ICMP calls to check if the network is working correctly. By crafting a packet that contains shell metacharacters,\n it is possible for an attacker to\n execute the attack. \n \n ------------------------------------------\n \n [Additional Information]\n POC\n \n POST /forms/webSetPingTrace HTTP/1.1\n Cookie: Password508=e07f98b965bcc5abfe11c9c763b2d333\n \n srvName=192.168.127.102;ping -c 8 192.168.127.101;##\u0026option=0\u0026bkpath=%2Fping_trace.asp\n \n ------------------------------------------\n \n [VulnerabilityType Other]\n Command injection in Ping functionality\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK 3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n Use XSRF form to trick an admin into submitting the request\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n9. \n The device enables an unencrypted TELNET service by default. This allows an\n attacker who has been able to gain an MITM position to easily sniff the\n traffic between the device and the user. Also an attacker can easily\n connect to the TELNET daemon using the default credentials if they have\n not been changed by the user. \n \n ------------------------------------------\n \n [VulnerabilityType Other]\n Insecure service Telnet enabled by default\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Telnet daemon\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Impact Information Disclosure]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n An attacker can sniff the traffic passing between the device and user by using a MITM attack such as ARP poisoning\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n10. \n The Moxa AWK 3121 provides certfile upload functionality so that an\n administrator can upload a certificate file used for connecting to the\n wireless network. By crafting a packet that contains shell metacharacters,\n it is possible\n for an attacker to execute the attack. \n \n ------------------------------------------\n \n [Additional Information]\n POC \n POST /forms/web_certUpload HTTP/1.1\n Cookie: Password508=68abf30ef8176a4248320929e04df562\n \n ... 114782935826962\n Content-Disposition: form-data; name=\"iw_privatePass\"\n \n ;`ping -c 9 192.168.127.103` ##\n ... 114782935826962\n Content-Disposition: form-data; name=\"bkpath\"\n \n /wireless_cert.asp?index=1\n ... 114782935826962\n Content-Disposition: form-data; name=\"certSection\"\n \n certWlan\n ... 114782935826962\n Content-Disposition: form-data; name=\"rfindex\"\n \n 0\n ... 114782935826962\n Content-Disposition: form-data; name=\"Submit\"\n \n Submit\n ... 114782935826962\n Content-Disposition: form-data; name=\"certFile1\"\n \n test.txt\n ... 114782935826962\n Content-Disposition: form-data; name=\"certFile\"; filename=\"blob\"\n Content-Type: text/xml\n \n \u003ca id=\"a\"\u003cb id=\"b\"hey!\u003c/b\u003c/a\n ... 114782935826962--\n \n ------------------------------------------\n \n [VulnerabilityType Other]\n Command injection in file upload\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n Use XSRF form to trick an admin into submitting the request\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n11. \n \n ------------------------------------------\n \n [Additional Information]\n POC\n \u003chtml\n \u003cbody\n \u003cform id=\"f\" action=\"http://192.168.127.253/forms/iw_webSetParameters\" method=\"POST\" enctype=\"application/x-www-form-urlencoded\"\n \u003cinput type=\"hidden\" name=\"iw_board_deviceName\" value=\"AWK\u003c\\/td\u0027);alert(1);//\" /\n \u003cinput type=\"hidden\" name=\"iw_board_deviceLocation\" value=\"\" /\n \u003cinput type=\"hidden\" name=\"iw_board_deviceDescription\" value=\"\" /\n \u003cinput type=\"hidden\" name=\"iw_board_deviceContactInfo\" value=\"\" /\n \u003cinput type=\"hidden\" name=\"Submit\" value=\"Submit\" /\n \u003cinput type=\"hidden\" name=\"bkpath\" value=\"/sysinfo.asp \" /\n \u003c/form\n \u003cscript\n setTimeout(\"document.forms[\u0027f\u0027].submit();\",1);\n \u003c/script\n \u003c/body\n \u003c/html\n \n ------------------------------------------\n \n [Vulnerability Type]\n Cross Site Scripting (XSS)\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.9\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Impact Escalation of Privileges]\n true\n \n ------------------------------------------\n \n [Impact Information Disclosure]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n Use XSRF form to trick an admin into submitting the request and execute a stored XSS on the device. \n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n12. By crafting a packet that contains a string of\n 162 characters, it is possible for an attacker to execute the attack. \n \n ------------------------------------------\n \n [Additional Information]\n POC \n POST /forms/web_runScript HTTP/1.1\n Cookie: Password508=071b1093656adca3510d5e32f69737ec\n \n ... 7e21a62f2905ca\n Content-Disposition: form-data; name=\"iw_filename\"; filename=\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBCCCC\"\n Content-Type: application/octet-stream\n \n ls -ltr\n ... 7e21a62f2905ca\n Content-Disposition: form-data; name=\"iw_storage\"\n \n tftp\n ... 7e21a62f2905ca\n Content-Disposition: form-data; name=\"iw_serverip\"\n \n `ping -c 3 192.168.127.101`\n ... 7e21a62f2905ca\n Content-Disposition: form-data; name=\"bkpath\"\n \n /Troubleshooting.asp\n ... 7e21a62f2905ca--\n \n ------------------------------------------\n \n [Vulnerability Type]\n Buffer Overflow\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n Use XSRF form to trick an admin into submitting the request and execute buffer overflow\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n13. \n \n ------------------------------------------\n \n [Additional Information]\n POC\n \n \u003chtml\n \u003cbody\n \u003cscript\n function submitRequest()\n {\n var formData = new FormData();\n \n formData.append(\"iw_filename\", \";`ping -c 9 192.168.127.103` ##\");\n formData.append(\"iw_storage\", \"tftp\");\n formData.append(\"iw_serverip\", \"192.168.1.101\");\n formData.append(\"bkpath\", \"/wireless_cert.asp?index=1\");\n \n // HTML file input, chosen by user\n formData.append(\"certFile1\", \"test.txt\");\n \n // JavaScript file-like object\n var content = \u0027\u003ca id=\"a\"\u003cb id=\"b\"hey!\u003c/b\u003c/a\u0027; // the body of the new file... \n var blob = new Blob([content], { type: \"text/xml\"});\n \n formData.append(\"certFile\", blob);\n \n var request = new XMLHttpRequest();\n request.open(\"POST\", \"http://192.168.127.253/forms/web_certUpload\");\n request.send(formData);\n }\n \u003c/script\n \u003cform action=\"#\"\n \u003cinput type=\"submit\" value=\"Submit request\" onclick=\"submitRequest();\" /\n \u003c/form\n \u003c/body\n \u003c/html\n \n ------------------------------------------\n \n [VulnerabilityType Other]\n Command injection in web runscript functionality\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n Use XSRF form to trick an admin into submitting the request\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n\n14. By crafting a packet that contains a string of\n 480 characters, it is possible for an attacker to execute the attack. \n \n ------------------------------------------\n \n [Additional Information]\n POC\n POST /forms/web_runScript HTTP/1.1\n Cookie: Password508=c629f1b9d18c3d751da6d7b1fd43e628\n \n ... 7e21a62f2905ca\n Content-Disposition: form-data; name=\"iw_filename\"; filename=\"XXXX\"\n Content-Type: application/octet-stream\n \n ls -ltr\n ... 7e21a62f2905ca\n Content-Disposition: form-data; name=\"iw_storage\"\n \n tftp\n ... 7e21a62f2905ca\n Content-Disposition: form-data; name=\"iw_serverip\"\n \n AAAAAAAAAAAAAAAAAA (etc.)\n \n ... 7e21a62f2905ca\n Content-Disposition: form-data; name=\"bkpath\"\n \n /Troubleshooting.asp\n ... 7e21a62f2905ca--\n \n ------------------------------------------\n \n [Vulnerability Type]\n Buffer Overflow\n \n ------------------------------------------\n \n [Vendor of Product]\n Moxa\n \n ------------------------------------------\n \n [Affected Product Code Base]\n AWK-3121 - 1.14\n \n ------------------------------------------\n \n [Affected Component]\n Web Server -- iw_webs (Goahead)\n \n ------------------------------------------\n \n [Attack Type]\n Remote\n \n ------------------------------------------\n \n [Impact Code execution]\n true\n \n ------------------------------------------\n \n [Impact Information Disclosure]\n true\n \n ------------------------------------------\n \n [Attack Vectors]\n Use XSRF form to trick an admin into submitting the request and execute the buffer overflow\n \n ------------------------------------------\n \n [Reference]\n https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm\n \n ------------------------------------------\n \n [Discoverer]\n Samuel Huntley\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10700"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015599"
},
{
"db": "VULHUB",
"id": "VHN-120486"
},
{
"db": "VULMON",
"id": "CVE-2018-10700"
},
{
"db": "PACKETSTORM",
"id": "153223"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "153223",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2018-10700",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-337-02",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015599",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-328",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4544",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-120486",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-10700",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120486"
},
{
"db": "VULMON",
"id": "CVE-2018-10700"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015599"
},
{
"db": "PACKETSTORM",
"id": "153223"
},
{
"db": "NVD",
"id": "CVE-2018-10700"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-328"
}
]
},
"id": "VAR-201906-0790",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-120486"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:00:03.613000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "Moxa_AWK_1121",
"trust": 0.1,
"url": "https://github.com/samuelhuntley/moxa_awk_1121 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-10700"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015599"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120486"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015599"
},
{
"db": "NVD",
"id": "CVE-2018-10700"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/153223/moxa-awk-3121-1.14-information-disclosure-command-execution.html"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/jun/8"
},
{
"trust": 1.8,
"url": "https://github.com/samuelhuntley/moxa_awk_1121/blob/master/moxa_awk_1121"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10700"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-337-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10700"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4544/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/samuelhuntley/moxa_awk_1121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10702"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10699"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10695"
},
{
"trust": 0.1,
"url": "http://192.168.127.253/forms/websetmainrestart\""
},
{
"trust": 0.1,
"url": "https://www.moxa.com/event/tech/2008/awk-3121/index.htm"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10696"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10703"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10690"
},
{
"trust": 0.1,
"url": "http://192.168.127.253/forms/iw_websetparameters\""
},
{
"trust": 0.1,
"url": "http://192.168.127.253/forms/web_certupload\");"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10694"
},
{
"trust": 0.1,
"url": "http://192.168.127.253//systemlog.log"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10691"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10692"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120486"
},
{
"db": "VULMON",
"id": "CVE-2018-10700"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015599"
},
{
"db": "PACKETSTORM",
"id": "153223"
},
{
"db": "NVD",
"id": "CVE-2018-10700"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-328"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-120486"
},
{
"db": "VULMON",
"id": "CVE-2018-10700"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015599"
},
{
"db": "PACKETSTORM",
"id": "153223"
},
{
"db": "NVD",
"id": "CVE-2018-10700"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-328"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-120486"
},
{
"date": "2019-06-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10700"
},
{
"date": "2019-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015599"
},
{
"date": "2019-06-07T22:22:22",
"db": "PACKETSTORM",
"id": "153223"
},
{
"date": "2019-06-07T20:29:00.670000",
"db": "NVD",
"id": "CVE-2018-10700"
},
{
"date": "2019-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-328"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-120486"
},
{
"date": "2019-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10700"
},
{
"date": "2019-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015599"
},
{
"date": "2019-06-10T23:29:02.230000",
"db": "NVD",
"id": "CVE-2018-10700"
},
{
"date": "2019-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-328"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-328"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3121 Cross-site scripting vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015599"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-328"
}
],
"trust": 0.6
}
}
GHSA-VQ47-4FFR-FMJH
Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:53
VLAI?
Details
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.
Severity ?
6.1 (Medium)
{
"affected": [],
"aliases": [
"CVE-2018-10700"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-07T20:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \"iw_board_deviceName\" is susceptible to this injection.",
"id": "GHSA-vq47-4ffr-fmjh",
"modified": "2024-04-04T00:53:58Z",
"published": "2022-05-24T16:47:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10700"
},
{
"type": "WEB",
"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
ICSA-19-337-02
Vulnerability from csaf_cisa - Published: 2019-12-03 00:00 - Updated: 2019-12-03 00:00Summary
Moxa AWK-3121
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow an attacker to view sensitive information, cause availability issues, and execute remote code.
Critical infrastructure sectors
Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/areas deployed
Worldwide
Company headquarters location
Taiwan
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Recommended Practices
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
{
"document": {
"acknowledgments": [
{
"names": [
"Samuel Huntley"
],
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to view sensitive information, cause availability issues, and execute remote code.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Taiwan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-337-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-337-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-337-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-337-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Moxa AWK-3121",
"tracking": {
"current_release_date": "2019-12-03T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-337-02",
"initial_release_date": "2019-12-03T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-12-03T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-337-02 Moxa AWK-3121"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.14",
"product": {
"name": "AWK-3121: All Versions 1.14 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "AWK-3121"
}
],
"category": "vendor",
"name": "Moxa"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10690",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The device uses HTTP traffic by default allowing insecure communication to the web server, which could allow an attacker to compromise sensitive data such as credentials.CVE-2018-10690 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10690"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10691",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "An attacker can navigate to a URL and download the system log without authentication, which may allow access to sensitive information.CVE-2018-10691 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10691"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10692",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "A cross-site scripting attack allows access to session cookies, which may allow an attacker to login into the device.CVE-2018-10692 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10692"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10693",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An unauthorized user may execute network troubleshooting commands to cause a buffer overflow condition, which may allow the attacker to execute commands on the device.CVE-2018-10693 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10693"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10694",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The Wi-Fi connection used to set up the device is not encrypted by default, which may allow an attacker to capture sensitive data.CVE-2018-10694 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10694"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10695",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An unauthorized user may cause a buffer overflow using the device alert functionality, which may allow the attacker to execute commands on the device.CVE-2018-10695 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10695"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10696",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "summary",
"text": "The web interface is not protected against CSRF attacks, which may allow an attacker to trick a user into executing commands or actions by clicking a malicious link.CVE-2018-10696 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10696"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10697",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An unauthorized user may inject malicious commands into the system while using network troubleshooting functions, which may allow the attacker to execute unauthorized commands on the device.CVE-2018-10697 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10697"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10698",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The system enables an insecure service by default, which may allow an attacker to view sensitive information or modify information being transmitted through a man-in-the-middle attack.CVE-2018-10698 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10698"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10699",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An unauthorized user can inject malicious commands while using system certificate functions, which may allow the attacker to execute unauthorized commands on the device.CVE-2018-10699 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10699"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10700",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An unauthorized user can execute an XSS attack, which may allow the injection of a malicious payload on the server.CVE-2018-10700 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10700"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10701",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An unauthorized user may cause a buffer overflow on the system using system troubleshooting functions, which may allow the attacker to execute commands.CVE-2018-10701 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10701"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10702",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "An unauthorized user may inject malicious commands on the system using system troubleshooting functions, which may allow the attacker to execute commands on the device.CVE-2018-10702 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10702"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2018-10703",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An unauthorized user may cause a buffer overflow on the system using system troubleshooting functions, which may allow the attacker to execute commands on the device.CVE-2018-10703 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10703"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Moxa notes this device has reached end of life and has been replaced by model AWK-1131A (see Moxa bulletin). Moxa recommends users apply the latest security patch, which can be obtained by contacting customer service at the following link:",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/products/phased-out-products/awk-3121-series"
},
{
"category": "mitigation",
"details": "For additional information see the Moxa advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
CERTFR-2019-AVI-598
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moxa AWK-3121. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moxa s\u00e9rie AWK-3121 versions ant\u00e9rieures \u00e0 1.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10690"
},
{
"name": "CVE-2018-10702",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10702"
},
{
"name": "CVE-2018-10692",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10692"
},
{
"name": "CVE-2018-10700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10700"
},
{
"name": "CVE-2018-10696",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10696"
},
{
"name": "CVE-2018-10697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10697"
},
{
"name": "CVE-2018-10691",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10691"
},
{
"name": "CVE-2018-10701",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10701"
},
{
"name": "CVE-2018-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10703"
},
{
"name": "CVE-2018-10699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10699"
},
{
"name": "CVE-2018-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10693"
},
{
"name": "CVE-2018-10698",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10698"
},
{
"name": "CVE-2018-10695",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10695"
},
{
"name": "CVE-2018-10694",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10694"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-598",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moxa AWK-3121.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa AWK-3121",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa du 02 d\u00e9cembre 2019",
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
]
}
CERTFR-2019-AVI-598
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moxa AWK-3121. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moxa s\u00e9rie AWK-3121 versions ant\u00e9rieures \u00e0 1.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10690"
},
{
"name": "CVE-2018-10702",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10702"
},
{
"name": "CVE-2018-10692",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10692"
},
{
"name": "CVE-2018-10700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10700"
},
{
"name": "CVE-2018-10696",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10696"
},
{
"name": "CVE-2018-10697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10697"
},
{
"name": "CVE-2018-10691",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10691"
},
{
"name": "CVE-2018-10701",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10701"
},
{
"name": "CVE-2018-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10703"
},
{
"name": "CVE-2018-10699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10699"
},
{
"name": "CVE-2018-10693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10693"
},
{
"name": "CVE-2018-10698",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10698"
},
{
"name": "CVE-2018-10695",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10695"
},
{
"name": "CVE-2018-10694",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10694"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-598",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-12-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moxa AWK-3121.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moxa AWK-3121",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa du 02 d\u00e9cembre 2019",
"url": "https://www.moxa.com/en/support/support/security-advisory/awk-3121-series-industrial-ap-bridge-client-vulnerabilities"
}
]
}
GSD-2018-10700
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-10700",
"description": "An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \"iw_board_deviceName\" is susceptible to this injection.",
"id": "GSD-2018-10700"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10700"
],
"details": "An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \"iw_board_deviceName\" is susceptible to this injection.",
"id": "GSD-2018-10700",
"modified": "2023-12-13T01:22:41.679995Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \"iw_board_deviceName\" is susceptible to this injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121",
"refsource": "MISC",
"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121"
},
{
"name": "20190609 Newly releases IoT security issues",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"name": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3121_firmware:1.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10700"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \"iw_board_deviceName\" is susceptible to this injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121"
},
{
"name": "20190609 Newly releases IoT security issues",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"name": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2019-06-10T23:29Z",
"publishedDate": "2019-06-07T20:29Z"
}
}
}
FKIE_CVE-2018-10700
Vulnerability from fkie_nvd - Published: 2019-06-07 20:29 - Updated: 2024-11-21 03:41
Severity ?
Summary
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | awk-3121_firmware | 1.19 | |
| moxa | awk-3121 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:awk-3121_firmware:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "F210EF5D-9A27-4709-A5C2-878D60E61D81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3CD92C-362A-4A96-A09E-F04476A9D854",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter \"iw_board_deviceName\" is susceptible to this injection."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema en los dispositivos Moxa AWK-3121 versi\u00f3n 1.19. Proporciona funcionalidad para que un administrador pueda cambiar el nombre del dispositivo. Sin embargo, la misma funcionalidad permite que un atacante ejecute XSS inyectando una carga XSS. El par\u00e1metro POST \"iw_board_deviceName\" es susceptible a esta inyecci\u00f3n."
}
],
"id": "CVE-2018-10700",
"lastModified": "2024-11-21T03:41:52.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-07T20:29:00.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2019-17007
Vulnerability from cnvd - Published: 2019-06-12
VLAI Severity ?
Title
Moxa AWK-3121跨站脚本漏洞
Description
Moxa AWK-3121是中国台湾摩莎(Moxa)公司的一款工业级无线访问接入点。
Moxa AWK-3121 1.19版本中的‘iw_board_deviceName’参数存在跨站脚本漏洞,攻击者可利用该漏洞执行客户端代码。
Severity
中
Formal description
厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://www.moxa.com/
Reference
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
Impacted products
| Name | Moxa AWK-3121 1.19 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-10700"
}
},
"description": "Moxa AWK-3121\u662f\u4e2d\u56fd\u53f0\u6e7e\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u7ea7\u65e0\u7ebf\u8bbf\u95ee\u63a5\u5165\u70b9\u3002\n\nMoxa AWK-3121 1.19\u7248\u672c\u4e2d\u7684\u2018iw_board_deviceName\u2019\u53c2\u6570\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
"discovererName": "unknown",
"formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.moxa.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-17007",
"openTime": "2019-06-12",
"products": {
"product": "Moxa AWK-3121 1.19"
},
"referenceLink": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121",
"serverity": "\u4e2d",
"submitTime": "2019-06-10",
"title": "Moxa AWK-3121\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…