CVE-2019-5162

CWE-284 — Improper Access Control CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 33.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Awk-3131a Firmware

Timeline

PublishedFeb 25

Latest updateMay 24

Description

An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmoxa/awk-3131a_firmware1.13

▶CVEListV5moxaMoxa AWK-3131A Firmware version 1.13

🔴Vulnerability Details

GHSA

GHSA-536j-cvcw-6cqq: An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1↗2022-05-24

▶

CVEList

CVE-2019-5162: An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1↗2020-02-25

▶