Vulnerability Details : CVE-2018-10701
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack.
Vulnerability category: Overflow
Products affected by CVE-2018-10701
- cpe:2.3:o:moxa:awk-3121_firmware:1.14:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-10701
0.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 62 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-10701
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2018-10701
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-10701
-
https://seclists.org/bugtraq/2019/Jun/8
Bugtraq: Newly releases IoT security issuesMailing List;Third Party Advisory
-
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
Moxa_AWK_1121/Moxa_AWK_1121 at master · samuelhuntley/Moxa_AWK_1121 · GitHubExploit;Third Party Advisory
-
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
Moxa AWK-3121 1.14 Information Disclosure / Command Execution ≈ Packet StormThird Party Advisory
Jump to