CVE-2019-5139

CWE-798Hard-coded Credentials3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 67.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Moxa Awk-3131a Firmware
Timeline
PublishedFeb 25
Latest updateMay 24

Description

An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5moxaMoxa AWK-3131A Firmware version 1.13

🔴Vulnerability Details

2
GHSA
GHSA-vq58-6hwm-6qx4: An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 12022-05-24
CVEList
CVE-2019-5139: An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 12020-02-25
CVE-2019-5139 (HIGH CVSS 7.1) | An exploitable use of hard-coded cr | cvebase.io