CVE-2018-10699

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGH
EPSS
0.5%
top 32.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Moxa Awk-3121 Firmware
Timeline
PublishedJun 7
Latest updateMay 24

Description

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-qrrx-xqmq-f342: An issue was discovered on Moxa AWK-3121 12022-05-24
OSV
vlc vulnerabilities2021-03-15
CVEList
CVE-2018-10699: An issue was discovered on Moxa AWK-3121 12019-06-07
CVE-2018-10699 (HIGH CVSS 8.8) | An issue was discovered on Moxa AWK | cvebase.io