A vulnerability, which was classified as critical, was found in Moxa AWK-3121 1.14 (Router Operating System). This affects an unknown part. The manipulation of the argument to1/to2/to3/to4 as part of a POST Parameter leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters "to1,to2,to3,to4" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack.

The weakness was shared 06/07/2019 (Website). The advisory is shared at seclists.org. This vulnerability is uniquely identified as CVE-2018-10695 since 05/03/2018. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Technical details are known, but no exploit is available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries 136204, 136205, 136206 and 136207 are related to this item.

Productinfo

Type

• Router Operating System

Vendor

• Moxa

Name

• AWK-3121

Version

• 1.14

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion