- 1519565080 bpthumb - Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability

This is discovered by Patrick DeSantis and Dave McDaniel of Cisco Talos

Today, Talos is disclosing TALOS-2017-0507 (CVE-2017-14459), a vulnerability that has been identified in AWK-3131A industrial wireless access point.

The Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client is a wireless networking appliance intended for use in industrial environments. The manufacturer specifically highlights automated materials handling and automated guided vehicles as target markets.

An exploitable vulnerability exists in the Telnet functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 and newer. An attacker can inject commands via the parameter, resulting in remote, unauthenticated, root-level operating system command execution.

Read More >>



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here