CVE-2018-10697

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.8%
top 25.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Moxa Awk-3121 Firmware
Timeline
PublishedJun 7
Latest updateMay 24

Description

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vxg9-g2p6-hq84: An issue was discovered on Moxa AWK-3121 12022-05-24
CVEList
CVE-2018-10697: An issue was discovered on Moxa AWK-3121 12019-06-07
CVE-2018-10697 (HIGH CVSS 8.8) | An issue was discovered on Moxa AWK | cvebase.io