CVE-2018-10693

CWE-119Buffer Overflow3 documents3 sources
Severity
8.8HIGH
EPSS
0.7%
top 28.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Moxa Awk-3121 Firmware
Timeline
PublishedJun 7
Latest updateMay 24

Description

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-j5v6-264g-wgmq: An issue was discovered on Moxa AWK-3121 12022-05-24
CVEList
CVE-2018-10693: An issue was discovered on Moxa AWK-3121 12019-06-07
CVE-2018-10693 (HIGH CVSS 8.8) | An issue was discovered on Moxa AWK | cvebase.io